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SECURITY 


HeartbleecTs  Boon:  Stronger  Passwords 


IN  AN  IRONIC  TWIST,  the  security  vulner¬ 
ability  known  as  Heartbleed  may  have 
given  rise  to  improved  Internet  security. 
With  news  stories  about  Heartbleed 
causing  consternation  among  Internet  users 
everywhere,  people  who  previously  may 
not  have  thought  twice  about  their  online 
passwords  started  changing  them  last  month. 
Some  even  enabled  two-factor  authentication, 
which  forces  users  to  provide  two  separate 
pieces  of  information  for  access. 

A  bug  in  OpenSSL  that  was  introduced  in 
a  new  version  of  that  software  at  the  end  of 
2011,  Heartbleed  allowed  Internet  attackers 
—  under  some  circumstances  —  to  steal  data 
from  the  memory  of  a  server  in  64KB  chunks. 
That  data  could  include  passwords  or 
encryption  keys. 

Anecdotal  evidence  indicates  that  people 


are  taking  the  threat  seriously. 

As  reports  of  Heartbleed ’s  existence  spread 
through  the  media,  Facebook  saw  a  spike 
in  password  resets  and  enrollment  in  Login 
Approvals,  the  social  networking  site’s  version 
of  two-factor  authentication,  according  to  a 
Facebook  spokesman. 

And  software  developer  AgileBits  reports 
that  its  password  management  app,  1  Password, 
moved  into  the  top  10  most  popular  offerings 
in  Apple’s  App  Store  shortly  after 
the  news  about  Heartbleed  broke. 

Being  less  lax  about  passwords 
isn’t  revolutionary,  but  it’s  progress. 

“Sometimes  it  takes  a  disaster  to  get  people 
to  do  something  they  should  have  been  doing 
all  along,”  said  Steve  Pate,  chief  architect  at 
HyTrust,  a  provider  of  cloud  security  systems. 

-  Zach  Miners,  IDG  News  Service 
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ENTERPRISE  APPS 

San  Diego’s  SAP 
System  Triples 
Some  Workloads 

San  Diego’s  $50  million  SAP  system 
has  tripled  employees’  workloads  for 
some  tasks,  but  the  city  has  also  failed 
to  devote  enough  attention  to  training, 
according  to  a  consultant’s  report. 

The  city’s  purchasing  and  contract¬ 
ing  professionals  can’t  easily  generate 
crucial  reports  from  the  SAP  system, 
and  they’ve  become  “overwhelmed  by 
the  exhaustive  and  mainly  transaction¬ 
al  workload,"  according  to  the  report 
by  Huron  Consulting  Group. 

“Most  P&C  individuals  interviewed 
are  frustrated  by  the  time-consuming 
and  ‘dick-intensive’  requisition  proc¬ 
ess,"  the  report  adds.  It  can  take  any¬ 
where  from  20  minutes  to  a  few  days 
to  process  a  requisition  depending  on 
how  many  line  items  are  required. 

The  SAP  system’s  primary  purpose 
is  to  help  the  finance  department,  and 
it’s  working  well  in  that  regard,  accord¬ 
ing  to  an  official  municipal  document. 

Some  steps  are  being  taken  to  fix 
the  problems  plaguing  purchasing  and 
contracting  tasks,  including  the  adop¬ 
tion  of  “deep-dive”  training  to  help 
people  get  more  comfortable  with  the 
system,  according  to  the  report. 

SAP  spokesman  Andy  Kendzie  de¬ 
clined  to  comment  on  the  specifics  of 
San  Diego's  situation.  However,  “SAP’s 
goal  is  to  make  every 
customer  a  best-run 
operation,"  he  said 
via  email.  “Our  sys¬ 
tems  work  exactly  as  designed  and  we 
want  to  help  customers  use  them  to 
their  fullest  potential.” 

-  CHRIS  KANARACUS. 
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BETWEEN  THE  LINES 

By  John  Klossner 


Sony  has  developed 
magnetic  tape  technology 
that  offers 

74  times 

the  density  of  today’s 
standard  tapes. 


OPERATING  SYSTEMS 

Oracle  Adds 
OpenStack  Cloud 
Tools  to  Solaris 

Oracle  once  slammed  the  cloud 
as  hype,  but  apparently  it’s  back¬ 
ing  off  of  that  stance,  having 
introduced  a  Solaris  update  that 
includes  the  OpenStack  cloud  man¬ 
agement  platform. 

Designed  to  make  life  easier  for 
Oracle  customers  running  mixed 
cloud  environments.  Solaris  11.2 
integrates  OpenStack  components, 
including  the  Horizon  dashboard, 
the  Nova  compute  module,  the 
Neutron  network  module  and  the 
Cinder  block-storage  module. 

“We’re  transitioning  Solaris  from 
a  traditional  OS  to  a  full-fledged 
cloud  platform,"  said  Markus  Flierl. 
Oracle’s  vice  president  of  software 
development  for  Solaris,  adding 
that  Solaris  11.2  is  due  to  be  gener¬ 
ally  available  this  summer. 

OpenStack  is  a  collection  of 
open-source  components  that  can 
be  used  to  set  up  on-demand  com¬ 
pute  services  on  virtualized  equip¬ 
ment,  including  infrastructure  as  a 
service.  It  provides  a  “single  pane 
of  glass’  for  managing  multiple 
hypervisors. 

The  addition  of  OpenStack  sup¬ 
port  is  part  of  a  broad  update 
to  Solaris,  and  it’s  ?  big  step  for 
Oracle,  which  has  not  put  much 
emphasis  on  interoperability. 

-  JAMES  NICCOLAI, 
IDG  NEWS  SERVICE 
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DATA  CENTER 


IT  Execs  Expect  Big  Things  From  Solar 


CHALLENGED  TO  IMAGINE  the  data 
center  of  2025,  IT  managers  offered 
up  some  optimistic,  even  surprising, 
predictions. 

Emerson  Network  Power  polled  about  800 
data  center  managers,  and  the  results  suggest 
there  will  be  major  changes  on  three  fronts: 

■  Solar  power.  Data  center  managers 
expect  nearly  25%  of  their  power  to  come  from 
solar  energy  by  2025.  Today,  solar  accounts  for 
about  1%  of  a  data  center’s  energy  supply. 

■  The  cloud.  Nearly  three  quarters  of  the 
respondents  said  that  at  least  60%  of  comput¬ 
ing  will  be  cloud-based  in  10  years. 

■  Data  center  size.  Thirty  percent  of  the 
respondents  predicted  that  data  centers  will 
be  half  the  size  of  today’s  facilities,  while  18% 
said  they’ll  be  one-fifth  the  size  and  10%  said 
one-tenth  the  size. 

Alternative  energy  sources  —  including  fuel 
cells  and  solar,  wind,  geothermal  and  tidal 
energy'  —  account  for  no  more  than  10%  of  a 
data  center’s  power  these  days.  But  in  10  years. 


those  renewables  will  provide  50%  of  a  data 
center’s  power,  respondents  said. 

That  optimism  about  renewable  energy 
indicates  that  managers  are  imagining  “some 
fairly  large  technical  breakthroughs  that  are 
going  to  happen  in  the  renewable  space,”  said 
Steve  Hassell,  president  of  data  center  solu¬ 
tions  for  Emerson  Network  Power. 

Power  densities  of  6.4  kilowatt-hours, 
which  is  near  the  average  for  a  server  rack, 
require  8  square  meters  of  solar  panels  —  even 
more  when  cooling  is  considered. 

“We  haven’t  seen  a  dramatic  increase  in 
rack  density,”  said  Hassell.  But  the  respondents 
expect  that  will  change,  with  26%  predicting 
power  densities  of  8okwh  in  10  years,  and 
another  15%  envisioning  lookwh  densities. 

Respondents  were  also  optimistic  about  the 
prospects  for  self-healing,  self-optimizing  data 
centers,  which  may  come  into  being  with  soft- 
ware-defined  data  centers  and  the  use  of  more 
advanced  infrastructure  management  tools. 

-  Patrick  Thibodeau 
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IBM  Battles  Intel  in 
Hyperscale  M«et 

The  company  gets  a  shot  in  the  arm  from  Google  as 
it  starts  licensing  its  Powers  chips  to  third  parties 
in  a  bid  to  win  more  business.  By  James  Niccolai 


IBM  IS  INCHING  AHEAD  with  efforts  to  expand  sales  of  its 
Power  server  chips  and  challenge  Intel  in  the  market  for  hy¬ 
perscale  data  centers  run  by  the  likes  of  Google  and  Facebook. 

The  plan  got  a  big  shot  in  the  arm  late  last  month  when 
Google  showed  off  its  first  home-built  server  board  based 
on  IBM’s  upcoming  Power8  processor.  Though  the  Google  board 
is  a  test  vehicle,  it’s  a  good  vote  of  confidence  for  IBM. 

Over  the  past  decade,  Intel’s  increasingly  powerful  Xeon 
chips  have  been  eating  away  at  the  market  share  of  IBM’s  Power 
products.  IBM’s  first  move  in  its  counterattack  was  to  license  its 
Power  design  to  other  server  makers. 

IBM  needs  partners  because  providers 
of  computing  services  aren’t  interested 
in  IBM’s  own  Power  servers,  which  come 
bundled  with  costly  software  and  services. 

“Scale-out  service  providers  aren’t  going 
to  buy  from  IBM,”  said  Patrick  Moorhead, 
an  analyst  at  Moor  Insights  &  Strategy.  “No 
matter  how  good  the  technology  is,  they’ll 
want  to  buy  it  from  someone  with  a  differ¬ 


ent  cost  model.” 

Power-based  IBM  Unix 
servers  today  mostly  run 
enterprise  software  from 
IBM,  SAP  and  Oracle.  With 
that  market  in  decline,  IBM 
is  opting  for  a  strategy  that 
involves  third-party  Power- 
based  machines  running 
Web  and  analytics  ap¬ 
plications  in  the  large  data 
centers  of  major  IT  service 
providers. 

Service  providers  increas¬ 
ingly  want  no-frills  “white 
box”  systems  —  the  op¬ 
posite  of  IBM’s  traditional 
offerings  —  as  well  as  a  say 
in  how  they  are  designed. 

To  get  its  plan  started, 
IBM  last  summer  formed 
the  OpenPower  Foundation, 
a  group  that  now  has  26 
members  —  mostly  vendors. 
Though  the  process  of  signing  up  third  parties  to 
build  Power-based  systems  has  been  slow  —  China’s 
Suzhou  PowerCore  is  the  first  licensee  —  some 
members  of  the  OpenPower  Foundation  have  built 
tools  designed  to  work  with  the  IBM  chip. 

For  instance,  Nvidia  said  its  graphics  processors  will 
soon  be  able  to  act  as  accelerators  in  Power  servers. 
Tyan,  a  motherboard  maker,  has  showed  off  the  first 
reference  design  for  a  white-box  Power  server.  And 
component  vendors  Mellanox,  Xilinx  and  Altera  have 
disclosed  new  products  featuring  Power  chips. 

And  Google  has  worked  with  IBM  and  Canonical, 
maker  of  the  Ubuntu  open-source  platform,  to  develop 
open-source  tools  and  firmware  for  Power  systems. 
“We’re  going  through  a  pretty  detailed  investigation 
of  the  Power  architecture,”  said  Gordon  MacKean,  a  Google  engi¬ 
neering  director  and  chairman  of  the  OpenPower  Foundation. 

But  IBM  needs  more  OEM  partners.  “They’re  definitely  still  in 
the  crawl  stage,”  Moorhead  said. 

IBM’s  new  business  model  mimics  that  of  ARM,  which  has 
been  wildly  successful  in  designing  processors  for  smartphones 
and  tablets  and  licensing  them  to  manufacturers. 

Intel  isn’t  standing  still.  Its  new  E7  V2  processors  offer  triple 
the  memory  capacity  of  their  predecessors,  a  quality  that  compa¬ 
nies  like  Google  covet. 

IBM  is  determined  that  Power  technol¬ 
ogy  will  have  a  bigger  role  to  play,  but  it’s 
aware  that  there’s  a  lot  of  work  to  do. 

“We’re  taking  that  technology  used  to 
build  computers  [in  big  cabinets  and]  de¬ 
composing  it  into  its  elements,”  said  Brad  . 
McCredie,  IBM’s  vice  president  of  Power 
development.  “We’re  making  it  available  to 
people  to  innovate.”  ♦ 

Niccolai  is  a  reporter  for  the  IDG  News  Service. 


Scale-out  service 
providers  aren’t 
going  to  buy  from  yl. 
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Microsoft’s  New 
‘Normal’  Irritates  IT 

Experts  say  the  more  Microsoft  pushes  faster-paced  Windows 
updates,  the  more  enterprises  will  resist  By  Gregg  Keizer 


MICROSOFT'S  NEW  PROCESS  for  updating 

Windows  —  which  features  a  faster-paced  tempo 
that  requires  customers  to  apply  releases  within 
weeks  —  could  be  a  first  step  in  moving  the  op¬ 
erating  system  to  a  services-style  model. 

It’s  also  a  strategy  likely  to  face  years  of  resistance  from  enter¬ 
prise  IT  departments  as  they  struggle  to  adapt. 

“Microsoft  is  thinking  of  Windows  as  more  of  a  service,”  said 
Wes  Miller,  an  analyst  with  Directions  on  Microsoft.  “That’s 
what  they’d  like  us  to  get  to.” 

The  new  “normal”  will  involve  frequent 
security-related  and  non-security-related  fixes, 
new  features  and  even  user  interface  changes. 

“Microsoft  would  certainly  like  [acceler¬ 
ated  updates]  and  it  will  try  to  make  it  so,”  said 
Michael  Silver,  an  analyst  at  Gartner. 

The  IT  outcry  began  with  Microsoft’s  initial 
demand  that  customers  apply  two  updates 
released  last  month  within  five  weeks  or  be  cut 
off  from  all  future  updates,  including  monthly 
security  patches.  Microsoft  eventually  extended 


the  deadline  for  businesses  to  Aug.  12. 

Even  with  the  extension,  enterprises 
must  deploy  updates  in  one-sixth  the 
time  Microsoft  required  in  the  past, 
when  users  had  at  least  24  months. 

IT  executives  say  the  accelerated 
pace  gives  them  little  time  to  run 
deployment  processes  they’ve  honed  for 
decades  —  processes  that  include  deep 
testing  and  real-world  evaluation. 

“It  does  create  a  problem  when  busi¬ 
nesses  are  buying  desktops  or  deploying 
tablets  and  trying  to  have  a  standard 
to  set  to,”  said  Miller.  “It’s  hard  to  do 
that  when  the  wheels  are  constantly  in 
motion  and  the  pieces  on  the  board  are 
always  moving.” 

Microsoft  has  repeatedly  argued 
that  its  decision  to  adopt  a  faster  pace 
stemmed  from  “customer  feedback.” 

The  reality  is  more  complicated. 
Microsoft  might  not  have  had  to  issue 
Windows  8.1  Update,  or  perhaps  even 
Windows  8.1,  if  it  had  paid  attention  to 
critics’  warnings  that  Windows  8  was  too 
radical  a  redesign  for  users  to  swallow. 

“It’s  a  weird  Catch-22,”  Miller  said.  On 
one  hand,  Microsoft  is  advocating  rapid 
acceptance  of  operating  system  updates 
to  bring  Windows  into  the  21st  century, 
where  mobile  OS  updates  are  frequent 
for  competitive-advantage  reasons  and 
are  easily  accepted  by  most  users.  On 
the  other,  enterprises  dislike  change  and 
can  point  to  flaws  in  Microsoft’s  current 
updating  processes. 

Analysts  expect  retrenchment  by 
many  corporate  users  who  have  stan¬ 
dardized  on  Windows  7.  Companies  will  likely  hold  onto  Windows 
7  longer  than  they  might  have  sans  the  successor’s  accelerated  pace. 

Silver  said  he  doesn’t  expect  Microsoft  to  expand  the  new 
“normal”  to  incorporate  Windows  7. 

If  Microsoft  did  change  Windows  7’s  updating  process,  the 
uproar  would  be  enormous,  analysts  agree.  Therein  lies  Mi¬ 
crosoft’s  between-a-rock-and-a-hard-place  situation:  It  wants  to 
change  how  it  does  business,  but  the  more  it  does,  the  harder 
enterprises  dig  in  their  heels. 

Miller  noted  that  many  of  the  moves  Microsoft  has  made 
to  quell  the  unrest  generated  by  Windows  8 
threaten  the  company’s  efforts  to  drag  custom¬ 
ers  into  the  future.  “Things  like  bringing 
back  the  Start  menu  are  in  fact  a  bad  story  for 
Microsoft,”  he  said. 

The  faster  tempo  also  threatens  Microsoft’s 
push  to  get  customers  into  cloud-based  ser¬ 
vices,  Miller  asserted.  “If  people  are  uncom¬ 
fortable  with  software  as  a  service  [through 
rapid  updates],  they’re  going  to  be  even  more 
uncomfortable  with  the  cloud.”  ♦ 


Microsoft  is 
thinking 
of  Windows  as 
more  of  a  service. 
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Edward  w. 
Marx 


Inalife-and-death 
industry,  quality  and 
testing  are  high  on 
this  CIO's  priority  list. 


Family:  Married  for  28  years,  two 
adult  children  and  one  grandchild. 

Hobbies:  Dancing  Argentine  tango 
with  his  wife,  competing  in  Ironman 
triathlons  and  participating  as  a 
member  of  the  2014  USA  Duathlon 
team,  which  competes  at  the  world 
championships  this  month  in  Spain. 

Goal:  To  climb  all  of  the  Seven 
Summits.  He  has  already  climbed 
Kilimanjaro  in  Tanzania,  Elbrus  in 
Russia  and  Aconcagua  in  Argentina. 

Current  reading  list:  The  Blessed 
Life,  by  Robert  Morris,  Destiny  Defied, 
by  J.A.  Marx  (Edward's  wife),  and 
Into  Thin  Air,  by  Jon  Krakauer. 

Playlist:  Techno-tango  and 
'80s  new  wave 


EDWARD  MARX  focuses  on  technology’s  power  to  transform  the  healthcare  in¬ 
dustry.  As  senior  vice  president  and  CIO  at  Texas  Health  Resources  in  Arlington, 
Marx  has  led  numerous  IT-enabled  transformative  initiatives  aimed  at  improving 
patient  health.  Those  projects  include  using  social  media  to  connect  with  the  local 
community  and  implementing  BI  tools  to  deliver  advanced  clinical  care.  “Everyone  agrees 
there’s  a  financial  benefit,  but  at  the  end  of  the  day,  I  know  what  we're  doing  is  making 
the  difference  in  someone’s  life.  I  can  see  by  leveraging  IT  you  can  make  a  demonstra¬ 
tive  difference,”  he  says.  In  January,  the  College  of  Healthcare  Information  Management 
Executives  and  HIMSS,  a  nonprofit  group  focused  on  healthcare  IT,  selected  Marx  as  the 
recipient  of  the  2013  John  E.  Gall  Jr.  CIO  of  the  Year  Award. 

What  do  you  think  earned  you  recognition  as  CIO  of  the  Year?  My  leadership  and  my 
transformation  methodology  and  disruption  of  the  status  quo.  I  stress  leadership  a 
lot  more  than  technology.  I  talk  to  people  about  wising  up  and  claiming  their  title, 
because  for  most  of  us,  that’s  senior  vice  president  before  chief  information  officer.  So  _ 
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THE  GRILL 


EDWARD  W.  MARX 


How  do  you  measure  IT's 
value  in  your  organiza¬ 
tion?  We  do  measure 
traditional  financial 
ROI,  just  like  any  other 
company.  We’re  very 
judicious  about  that. 

But  what  stokes  my  fire 
is  how  do  we  measure 
clinical  quality  and 
patient  safety  and  how, 
therefore,  do  we  improve 
it.  We  have  all  these 
technology  tools  that  we 
could  leverage  to  improve 
quality  and  safety.  Our 
performance  is  based  on 
the  measures  of  those. 
One  example:  One  of  the 
biggest  killers  of  patients 
that  come  into  Ameri¬ 
can  hospitals  today  is 
pulmonary  thromboem¬ 
bolism,  or  PTE.  So  we  did 
some  innovation  and  we 
reduced  the  incidence  of 
PTE  by  25%.  We  know  because  we  measure  this  stuff.  In 
a  traditional  hospital,  if  you  think  a  patient  is  at  risk  for 
PTE,  you  put  them  on  a  certain  protocol  —  elevate  their 
legs  or  take  a  particular  drug.  But  in  a  paper  process, 
you  might  not  realize  a  patient  is  at  risk.  Because  we’re 
automated  with  electronic  health  records,  we  built  that 
into  our  order  set.  It’s  that  sort  of  innovation  that  really 
enabled  this  transformation. 


Why  go  to 
the  hospital 

if  we  can 
give  them 
the  data  wherever  they 
are  so  they  can  take 
immediate  action? 


really  lean  on  that  senior 
vice  president  title.  We 
do  a  lot  of  transformation 
here  leveraging  technol¬ 
ogy.  And  we  do  a  lot  of 
disruption  here. 


What  is  your  biggest  IT  initiative  right  now?  We  don’t 
have  any  IT  initiatives.  We  have  business  initiatives 
that  require  IT,  and  one  of  those  is  population  health. 
We’re  more  about  well-being  and  we  want  to  engage 
the  communities  before  they  need  Texas  Health.  We’re 
engaging  our  community  in  many  ways,  and  population 
health  requires  a  lot  of  IT.  Another  area  is  patient  engage¬ 
ment.  That  goes  back  to  population  health,  but  it’s  about 
mobility'  and  connected  health.  Not  too  many  people 
want  to  come  to  the  hospital,  so  is  there  a  way  to  deliver 
healthcare  at  a  lower  cost  that’s  not  in  the  hospital?  We 
call  it  connected  health.  You  should  be  able  to  do  a  lot 
more  today  with  your  local  provider  on  your  smartphone 
than  you  do.  And  we’re  trying  to  engage  the  clinician  in 
the  same  way.  Why  go  to  the  hospital  if  we  can  give  them 
the  data  wherever  they  are  so  they  can  take  immediate 
action?  The  third  area  is  predictive  analytics.  We  should 


be  able  to  take  this  data  and  make  predictions  around 
risks  so  I  could  get  a  call  or  text  from  my  personal  health 
record  that  says,  “Come  in  in  30  days  for  another  lab 
workout”  or  “Keep  exercising.” 

What's  next  for  your  IT  department?  I  think  there  are 
three  areas.  [One  is]  optimization.  We  implemented 
a  lot  of  technology  and  we  did  pretty  well,  but  as  you 
get  more  experience  and  add  new  features,  you  have 
to  make  sure  you  optimize  your  investment.  We  come 
back  through  with  another  team  after  we’ve  been 
doing  it  a  couple  of  years  and  see  what  more  we  could 
be  doing  or  what  new  features  we  could  take  advantage 
of.  Another  area  is  BI.  We’re  going  to  get  to  prescriptive 
analytics,  get  very  customized  to  the  individual.  And 
then  the  third  area  is  the  whole  concept  of  innovation. 
We  have  to  constantly  challenge  ourselves  on  how  we 
can  come  up  with  a  better  way  of  doing  things. 

What  can  IT  leaders  in  other  industries  learn  from 
you  and  other  healthcare  CIOs?  Once  a  year,  I  take 
my  leadership  team  and  I  pick  another  company  and 
we  spend  the  entire  day  together.  I’ve  done  this  with 
Kimberly-Clark,  RadioShack,  Pier  1, 7-Eleven.  And  we 
learn  from  each  other.  I  think  what  they  can  learn  from 
healthcare  IT  is  our  focus  on  quality  and  testing.  If  we 
make  a  mistake,  it  can  cost  someone  their  life.  In  other 
[industries],  it  might  mean  cost  overruns.  So  we  take 
extraordinary  steps  to  make  sure  there’s  high  quality  and 
lots  of  testing. 

What  does  it  take  today  for  IT  departments  to  ensure 
high  customer  satisfaction?  I  have  three  formulas.  You 
have  to  have  as  much  eye-to-eye  communication  as 
possible.  They  need  to  see  me  rounding  with  doctors 
and  nurses  on  the  floor,  so  they  know  I  understand  what 
they’re  doing.  Another  way  is  face  to  face.  You  have  to 
know  the  strategy,  where  they  want  to  go.  And  the  final 
is  peer  to  peer.  Physician  satisfaction  is  a  key  indicator  to 
us,  and  our  highest  area  of  satisfaction  for  the  physicians 
was  IT  at  94%.  We’re  above  80%  overall  with  everyone, 
and  that’s  world-class  according  to  Gartner. 

What  do  you  do  as  a  CIO  to  develop  leaders?  We  have  a 
leadership  academy.  We  take  eight  students  a  year,  they 
get  mentored  by  me  or  one  of  my  direct  reports  and  they 
learn  business  leadership.  We’re  going  to  graduate  our 
second  class  soon.  We  take  advantage  of  Texas  Health 
University,  that’s  the  typical  HR-run  training  program. 
They  do  a  great  job  here.  And  in  addition  to  that,  I  bring 
in  other  organizations  to  help  us  because  I  believe  in 
leadership  development  so  badly  that  I’m  willing  to 
invest.  And  I  push  people  hard  to  present.  We  do  a  lot  of 
presentations  around  the  country.  It  improves  our  brand, 
it  helps  our  employees  and  there’s  nothing  Jike  being 
asked  to  teach  to  really  solidify  it  in  you  as  a  leader. 

—  Interview  by  Computerworld  contributing  writer 
Mary  K.  Pratt  (marykpratt@verizon.net) 
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-  OPINION 


Miff  PERKINS 


A  Project  Staffing 
Worst  Practice 


With  IT, 
disregarding 
the  value  of 
expertise  and 
experience  is 
ludicrous. 


Bart  Perkins  is 

managing  partner 
at  Louisville.  Ky.- 
based  Leverage 
Partners,  which  helps 
organizations  invest 
well  in  IT.  Contact 
him  at  BartPerkins® 
LeveragePartners.com. 


GATHERING  BEST  PRACTICES?  Here’s  a  worst  practice:  using 

the  Defense  Department’s  Lowest  Price  Technically  Acceptable 
(LPTA)  procurement  approach  to  evaluate  RFPs  for  systems  inte¬ 
gration,  IT  strategy,  ERP  installation  other  high-skill  efforts. 


LPTA  was  originally  designed  to  purchase  items 
with  precisely  defined  technical  requirements, 
such  as  office  supplies  and  raw  materials.  Chosen 
suppliers  met  the  minimum  requirements  at  the 
lowest  price.  But  with  budgets  squeezed  ever 
tighter,  LPTA  is  now  being  used  to  procure  IT  pro¬ 
fessional  services,  where  disregarding  the  value  of 
expertise  and  experience  is  ludicrous.  Predictably 
suboptimal  results  stem  from  flaws  such  as  these: 

■  Murky  minimum  technical  requirements. 
When  project-specific  requirements  aren’t  defined 
before  the  RFP  is  offered,  the  only  specified 
requirements  are  the  project  team’s  education, 
experience,  certifications,  etc.  Worse,  LPTA 
procurement  rules  leave  no  room  for  interpreta¬ 
tion.  When  a  PMP-certified  project  manager  is 
required,  project  managers  who  have  successfully 
implemented  a  virtually  identical  project  but  lack 
certification  are  excluded  from  consideration.  And 
nonprice  criteria  are  evaluated  solely  as  pass/fail, 
without  credit  for  exceeding  specifications. 

■  Hiring  the  cheapest  people,  not  the  best  team. 
When  the  sole  RFP  focus  is  cost,  suppliers  can’t 
afford  to  assemble  teams  with  an  appropriate  blend 
of  skills  and  experience.  Projects  staffed  via  LPTA 
usually  end  up  with  the  least  expensive  people 
meeting  minimum  levels  of  education,  security 
clearance  and  so  on.  Such  people  are  likely  to  have 
trouble  with  unexpected  or  complex  problems. 

■  No  room  for  creativity.  LPTA-based  RFPs  are 
very  proscriptive.  Suppliers  that  offer  nonstandard 
approaches  to  achieving  project  objectives  are 
rarely  able  to  meet  unbending  technical  require¬ 
ments.  When  a  creative  supplier  comes  up  with 


a  better  solution  midproject,  LPTA  contracting 
rules  necessitate  an  elaborate  change  process. 

■  Expensive  overruns.  LPTA  contracts  place 
less  emphasis  on  project  requirements,  metrics, 
deliverables  and  outcomes  than  do  traditional 
contracts.  That  makes  suppliers  less  accountable, 
so  they  can  easily  justify  expensive  change  orders. 
LPTA  ignores  that  a  smaller,  more  experienced 
team,  though  better  paid,  can  often  deliver  at 
lower  cost.  Fred  Brooks’  The  Mythical  Man-Month 
observed  that  the  best  programmers  are  often  10 
times  more  productive  than  the  worst  ones. 

■  Disappearing  suppliers.  Squeezed  by  LPTA 
restrictions,  many  government  contractors  have 
cut  training,  support  and  facilities  to  the  bone. 
Some  have  eliminated  nearly  all  employees 
and  hire  independent  contractors  for  a  project’s 
duration  and  no  longer.  Others  have  exited  the 
business  entirely.  Deputy  Defense  Secretary  Ash 
Carter  recently  acknowledged  that  suppliers  need 
“profits  and  margins  to  be  successful,”  and  if  sup¬ 
pliers  disappear,  the  DOD  will  need  to  pay  higher 
rates  or  rehire  employees. 

The  government  must  learn  that  IT  profes¬ 
sional  services  are  not  pencils,  and  agencies 
should  stop  attempting  to  hire  IT  professionals 
who  asymptotically  approach  minimum  require¬ 
ments.  The  private  sector,  usually  more  astute, 
must  fight  against  the  insanity  of  using  LPTA  for 
IT  professional  service  RFPs.  Comprehensive  IT 
systems  involving  major  business  process  changes 
are  complex  and  require  skilled,  high-functioning 
teams.  Ignore  this,  and  you  will  get  only  what  you 
pay  for  —  and  exactly  what  you  deserve.  ♦ 


12  COUPUTERWORLD  MAY  19.  2014 


1‘ 


The  Computerworld  Inner  Circle  Research  Panel  was  established  as  a  way 
for  members  of  the  IT  community  to  share  information  and  gain  insight  into 
various  technology  topics,  including  new  initiatives  and  top  issues  faced  by 
IT  professionals  and  executives. 

Inner  Circle  panel  members  get  exclusive  access  to  results  of  the  surveys 
on  the  panel  site  at:  www.computerworldinnercircle.com,  and  are  eligible  for 
some  nice  cash  and  prize  giveaways  for  their  participation.  We  look  forward  to 
hearing  your  input! 
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Let  s  Talk  about 


No  one  is  having 
an  honest 
conversation 
about  risk  - 

and  that’s  putting 
IT  between  a  rock 
and  a  hard  place. 
Here  are  seven 
ways  to  change 
the  dialogue. 

BY  MINDA  ZETLIN 


IT'S  A  FAMILIAR  COMPLAINT:  Executives  from  a  busi¬ 
ness  department  learn  about  a  new,  often  cloud-based 
product  and  they  want  to  try  it.  Only  they  can’t,  because 
IT  has  decreed  that  this  wonderful  new  product  creates 
too  much  risk.  The  frustrated  business  execs  gripe  that 
IT  is  standing  in  the  way  of  progress.  As  one  business 
executive  said,  IT  is  “where  dreams  go  to  die.” 

The  problem  might  not  lie  in  some  stubborn  dislike 
by  technology  professionals  for  innovative  new  prod¬ 
ucts.  The  problem,  CIOs  and  other  experts  agree,  is  that  most 
organizations  don’t  have  a  realistic,  balanced  or  mature  system  for 
evaluating  and  making  decisions  about  technology  risk.  Especially 
the  risk  that  always  comes  with  implementing  something  new. 
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something  will  go 
you’re  a  goalie 
people  will  score. 

o  instead  is  talk 
about  relative  risk. 


MATT  POWELL,  CIO.  KIRSHENBAUM  BOND  SENECAL  +  PARTNERS 


“Somebody,  typically  in  a  line  of  business,  has  some  SaaS 
product  they  want  to  use,  and  they  provide  a  business  case  for 
it:  ‘Here’s  all  the  good  stuff  that  can  result  from  the  use  of  this. 
It’ll  make  my  numbers.  I  can  access  it  from  anywhere,”’  says  Jay 
Heiser,  an  analyst  at  Gartner. 

At  that  point,  IT  is  asked  to  determine  whether  the  software  in 
question  is  safe  to  use.  “Then  starts  a  farcical  attempt  to  prevent 
something  bad  from  happening,”  says  Heiser.  Ensuring  complete 
indemnification  for  any  losses  suffered  in  the  event  of  a  breach 
likely  means  inserting  provisions  into  the  vendor’s  standard  con¬ 
tract.  “These  are  cookie-cutter  products;  the  company  has  30,000 
customers.  They’re  not  going  to  negotiate  contracts,”  he  says. 

Next  come  questions  about  the  cloud  provider’s  security 
practices,  but  here  again,  Heiser  says,  it’s  difficult  or  impossible 
to  construct  a  questionnaire  that  will  fully  determine  that  the 
provider  will  keep  data  secure.  A  site  visit  might  be  helpful, 
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but  the  sheer  volume  of  customers  will  make  it  impossible  for 
the  provider  to  welcome  most  of  them.  And  even  when  you  are 
standing  at  a  provider’s  facility  looking  straight  at  its  servers,  that 
doesn’t  give  you  access  to  the  person  who  wrote  the  code. 

In  short,  there  is  no  way  to  guarantee  security,  especially  that 
of  a  cloud-based  product,  Heiser  says.  And  therefore,  IT  profes¬ 
sionals  tend  to  take  the  simplest  path  and  decline  to  give  their 
approval,  which  in  turn  earns  them  a  reputation  as  dream-killers. 
It’s  a  setup  that  guarantees  frustration  on  all  sides,  and  one  that’s 
more  than  ripe  for  adjustment. 

But  changing  it  requires  seriously  rethinking  how  businesses 
work  with  IT  to  make  technological  decisions.  That  won’t  be 
easy,  but  here  are  some  places  to  start. 

LET  CIOS  OFF  THE  HOT  SEAT 

Talk  to  any  CIO  long  enough  on  the  subject  of 
technology  risk,  and  one  company  name  is  likely 
to  come  up:  Target.  The  retailer  suffered  a  widely 
publicized  data  breach  compromising  a  total  of  no 
million  credit  cards  in  December  and  January  —  a 
number  that’s  equivalent  to  more  than  one-third  of  the  U.S. 
population,  assuming  all  the  cards  belonged  to  different  people. 
As  the  dust  settled  and  lawsuits  were  filed,  no  one  was  surprised 
when  Target  CIO  Beth  Jacobs  tendered  her  resignation. 

Jacobs  had  been  on  the  job  about  six  years,  putting  her  right  at 
the  average  CIO  tenure  according  to  CIO  magazine’s  2014  State 
of  the  CIO  survey.  That’s  a  fact  worth  noting  because  behind 
it  lies  a  darker  truth:  Most  CIOs  assume  they’re  always  one  big 
tech  failure  away  from  losing  their  jobs.  “I  don’t  know  if  she  did 
a  good  job  or  not,  but  she  got  fired,”  Heiser  says.  “In  practice,  if 
something  breaks,  they’ll  go  looking  for  a  scapegoat.”  Because 
CIOs  face  that  reality,  he  adds,  it’s  easy  to  see  why  most  of  them 
are  motivated  to  make  “extremely  conservative  decisions.” 

“We  have  encrypted  our  systems  and  we  audit  stuff  regularly,” 
one  CIO  confides.  “We’ve  done  our  absolute  best  to  make  sure 
there  is  never  a  breach.  Still,  just  like  the  Target  CIO,  if  I  stay 
here  long  enough,  there  will  be  a  situation  that  I  get  blamed  for.” 

STOP  ASKING  THE 
WRONG  QUESTIONS 

“I  get  a  lot  of  questions  from  Gartner  clients  who 
want  a  definitive  read  as  to  whether  some  cloud 
system  is  ‘secure’  or  not,”  Heiser  says.  “It’s  the 
wrong  answer  and  the  wrong  question.” 

To  begin  with,  there’s  no  such  thing  as  a  perfectly  secure 
system.  “Inevitably,  something  will  go  wrong  because  you’re  a 
goalie  and  sometimes  people  will  score,”  says  Matt  Powell,  CIO 
at  Kirshenbaum  Bond  Senecal  +  Partners,  an  advertising  agency 
headquartered  in  New  York.  “What  we  do  instead  is  talk  about 
relative  risk.”  Powell  says  he  has  read  that  the  National  Security 
Agency’s  standing  posture  is  that  all  its  systems  have  been  com¬ 
promised  100%  of  the  time.  If  a  government  agency  with  legend¬ 
ary  technical  proficiency  makes  that  assumption,  he  suggests, 
everyone  else  should  too.  Once  you  adopt  that  mindset,  he  says, 
“it’s  a  matter  of  how  much  is  at  risk,  and  for  how  long.” 

Unfortunately,  Heiser  says,  “there’s  no  way  to  conceptualize  ■ 
risk.”  Even  though  many  organizations,  including  Gartner,  have 
tried  to  put  a  finger  on  risk  profiles  and  scenarios,  “there’s  no 
good  way  to  quantify  that,”  he  says.  “If  you  could  tell  the  business 
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there’s  a  5%  chance  in  any  year  that  your  competitor  could  gain 
access  to  your  data  through  this  service  and  that  was  backed  up 
by  statistics,  you  could  base  a  decision  around  that,  but  it’s  still 
going  to  be  an  emotional  decision.” 

START  WEIGHING 
RISK  VS.  REWARD 

There’s  no  reasonable  way  to  make  a  good  decision 
if  all  you’re  looking  at  are  the  bad  things  that  can 
happen  if  a  new  system  leads  to  a  data  breach  or 
malfunction.  A  wise  approach  to  IT  management 
requires  weighing  that  increased  risk  against  the  business  ben¬ 
efits  of  adopting  a  new  technology,  as  well  as  the  business  risk  of 
not  adopting  it  and  losing  an  opportunity  or  a  competitive  edge. 

How  can  CIOs,  without  a  big-picture  view  of  the  organization 
and  its  strategy,  make  judgments  like  these?  They’d  better  get 


that  big-picture  view,  advises  Frank  Petersmark,  CIO  advocate  at 
management  consultancy  X  by  2  in  Farmington  Hills,  Mich.,  and 
former  CIO  at  Amerisure  Insurance,  a  102-year-old  property  and 
casualty  company  with  more  than  $600  million  in  direct  premi¬ 
ums,  also  located  in  Farmington  Hills.  “You  have  to  put  technol¬ 
ogy  risks  into  business  terms,”  he  says.  “If  there’s  a  data  breach 
and  customers’  information  is  out  there,  how  will  they  feel  about 
it?  How  will  it  impact  sales  or  profitability?” 

It’s  part  of  the  new  CIO  role.  “The  CIO  has  evolved  from  CIO 
1.0,  techie  person  in  the  room  where  the  lights  are  blinking  and 
we  don’t  know  what  they  do,”  he  says.  “Now  we’re  up  to,  I  think, 
CIO  6.0,  moving  toward  a  full  business  partner  with  executive 
colleagues.  You’re  expected  to  know  the  business  domain  of  your 
organization  as  well  as  anyone  who  works  there.  And  the  reason 
is  obvious.  Technology  is  such  an  enabler  or  disabler  now,  that’s 
the  kind  of  IT  leader  they  want.” 


to  reducing 

technology  risk,  sometimes 
the  law  can  be  your  best 
friend.  For  CIOs  in  the  healthcare  field,  for 
example,  the  Health  Insurance  Portability 
and  Acco  stability  Act  (HIPAA)  can  serve 
as  a  guide  to  what  is  and  isn’t  acceptable 
risk;  it  can  also  provide  a  definitive  argu¬ 
ment  for  taking  a  strong  security  stance. 

“HIPAA  dominates  everything  we  do,” 
says  Jason  Thomas,  CIO  at  Green  Clinic,  an 
all-physician-owned  facility  with  six  satel¬ 
lite  locations  headquartei  d  in  R  >ton.  La. 
"We  use  it  to  look  at  all  decisions:  Where 
is  this  coming  from?  Is  patient  data  pro¬ 
tected?  Are  we  encrypting  data  before  we 
send  it  to  someone  else?  If  we  send  it,  do 
they  have  a  business  agreement  with  us 
and  are  they  HiPAA-compliant?” 

Deciding  what  does  and  doesn't  1  lalify 
as  “HiPAA-compliant”  isn’t  as  straightfor¬ 
ward  as  one  might  think.  “HIPAA  has  a  lot 
of  requirements,  but  they’re  very  vague.” 
Thomas  says.  "It  was  written  almost  10 


years  ago  and  nobody  really  knows  what  it 
says.  That’s  led  a  lot  of  people  to  be  either 
very  lax  or  very  stringent  where  HIPAA 
is  concerned.  Some  don’t  worry  about 
encryption  or  auditing  their  access  -  their 
interpretation  is  that  it  doesn’t  apply.” 

Green  Clinic  comes  down  on  t  e  strin¬ 
gent  end  of  the  spectrum,  he  says,  and 
that  has  occasionally  caused  friction  with 
both  vendors  and  the  doctors  who  want 
to  buy  their  products,  “There  are  a  lot  of 
sales  reps  out  there,  and  they’re  frankly 
not  always  on  our  side,”  he  says. 

For  example,  Green  Clinic’s  IT  team 
insists  on  using  encryption  for  all  patient 
data.  “We  have  a  facility  that  does  X-rays, 
and  we  had  a  vendor  tell  us  they  would  set 
up  their  workstation,  install  their  software, 
and  that’s  how  it  needs  to  stay,”  Thomas 
says.  From  his  point  of  view,  having  a 
device  on-site  handling  patient  data  in  a 
way  he  couldn't  manage  or  encrypt  was 
unacceptable.  "I  can't  just  have  a  worksta¬ 
tion  dropped  at  my  door  and  everything’s 
hunky-dory,”  he  says. 

Using  HIPAA  to  insist  <  1  higher  security 
standards  has  worked  out  for  Thomas  and 
his  team.  “I’ve  had  some  vendors  who've 
done  it  their  way  for  20  years  keel  over 
I  do  it  the  way  we  wanted,"  he  says. 

HIPAA  works  as  a  big  stick  only  for  those 
industries  that  fall  within  its  domain.  But 
nearly  every  industry  has  state  or  federal 
regulat  _s  it  must  answer  to,  id  beyond 
that,  a  regime  of  contractual  agreements. 
For  instance,  any  organization  that  takes 
credit  card  payments  directly  lust  comply 


with  the  Payment  Card  Industry  Data  Se¬ 
curity  Standard  (PCI  DSS). 

Then  there  are  contracts  with  business 
partners  and  clients.  For  example,  at  ad 
agency  Kirshenbaum  3ndSenecal  + 

Partners,  CIO  Matt  Powell  can  refer  to 
client  ontracts  when  he  needs  to  rein  in 
employees’  enthusiasm  for  new  cloud- 
based  products.  When  the  creative  team 
recently  sought  to  start  using  a  cloud- 
based  imaging  system  that  integrates  with 
Adobe  Photoshop,  Powell  said  no  because 
the  new  software  would  give  the  provider 
access  to  client  data.  “If  it  moves  out  of  our 
ecosystem,  it  creates  a  contractual  issue," 
he  says.  Worse,  some  cloud  providers  have 
terms  of  service  that  give  them  the  right  to 
reuse  any  uploaded  data,  s<  nething  that’s 
clearly  out  of  bounds  for  anything  belong¬ 
ing  to  clients. 

In  such  situations,  Powell  may  work  to 
find  a  solution  by,  for  instance,  obtaining  a 
written  exception  to  the  contract  from  the 
agency  client.  But  that  works  only  some  of 
the  time.  “If  the  organization  or  technology 
provider  hasn’t  structured  their  product  in 
a  way  that  provides  the  appropriate  legal 
and  technical  protection,  it  becomes  diffi¬ 
cult  to  work  with  that  product,"  he  says.  /•;.  .  # 

When  that  happens,  the  internal  conver-  : 
sation  can  be  difficult,  but  Powell  says  it’s 
easy  to  make  his  point:  “My  response  is, 

’Do  you  like  your  paycheck?  It  comes  fromi,' 
clients  writing  us  checks,  and  if  a  Client  V>-  \ 

fires  us  for  being  in  breach  of  contract,- it 
becomes  harder  to  pay.’” 

-  MINDA  ZETLIN 


COMPUTERWORLD.COM  17 


COVER  STORY 


ESTABLISH  A  TECHNOLOGY 
RISK  PROFILE 

Your  corporate  leaders,  working  with  your 
company’s  financial  advisers,  have  undoubtedly 
determined  what  their  “risk  appetite”  is  when 
it  comes  to  investments  —  how  much  loss  they 
are  willing  to  risk  in  pursuit  of  financial  gain.  They’ve  likely  done 
the  same  for  their  personal  investments. 

It’s  time  to  look  at  technology  through  the  same  lens.  Peters- 
mark  suggests  that  IT  could  go  to  the  C  suite  and  say,  “We’ve 
done  some  thinking  about  it  and  we  can  make  a  bigger  splash  in 
the  marketplace  if  we  are  a  little  more  open  to  risk.  And  we’d  like 
you,  Mr.  or  Ms.  CEO,  to  help  us  think  about  it  and  give  us  a  place 
on  the  continuum  between  market  impact  and  business  gain  to 
risk  of  business  loss.” 

A  smart  organization  would  take  this  approach,  he  says, 

“rather  than  just  leaving  it  to  the  CIO  to  be  like  Caesar  with  the 
gladiators,  always  pointing  thumbs  up  or  thumbs  down.” 

LEARN  TO  LIVE  WITH  NUANCE 

“If  you  want  to  embrace  the  cloud,  you  have  to  live 
with  ambiguity,”  but  it  takes  a  mature  organization 
to  do  that,  Heiser  says.  “If  the  people  making  the 
decision  truly  understand  that  it’s  a  nuanced  deci¬ 
sion  and  it’s  perfectly  all  right  to  run  an  acceptable 
level  of  risk,  they  can  make  good  decisions.  The  organization  needs 
to  have  a  healthy  culture  that  can  handle  an  ambiguous  decision. 
You  can’t  have  the  CIO  thinking,  ‘If  it  breaks,  it  will  be  my  fault.”’ 

You  should  also  have  a  nuanced  view  of  the  bad  events  that 
could  occur  if  something  goes  wrong,  Heiser  adds.  Target’s  expe¬ 
rience  notwithstanding,  not  all  breaches  are  created  equal.  “Most 
security  failures  are  not  noticed  and  life  goes  on,”  he  says. 

Still,  some  IT  leaders,  careful  of  safeguarding  both  their 
companies’  networks  and  their  own  jobs,  try  to  get  as  close  to 
“secure”  as  they  possibly  can.  “Some  technologists  consider  the 
concept  of  ‘acceptable  risk’  to  be  an  oxymoron.  They’re  perfec¬ 
tionists,”  Heiser  notes.  At  the  other  end  of  the  spectrum  are 
what  he  calls  “fig  leafers”  —  people  who  figure  that  the  standard 
security  provided  is  likely  to  be  good  enough. 

“The  successful  organization  manages  that  conflict,”  he  says. 
“The  answer  is  somewhere  between  these  extremes.” 

START  SHARING  BOTH 
CREDIT  AND  BLAME 

One  profound  problem  with  the  way  technologi¬ 
cal  risk  is  often  managed  is  that  credit  for  the 
good  outcomes  and  the  bad  outcomes  isn’t  fairly 
apportioned.  If  IT  approves  a  new  cloud  service 
that  a  business  department  wants,  and  the  service  increases  sales 
or  otherwise  benefits  the  bottom  line,  then  the  business  depart¬ 
ment  that’s  using  it  will  likely  get  the  kudos  and  perhaps  financial 
rewards  as  well.  On  the  other  hand,  if  the  new  system  leads  to  a 
security  failure  or  other  malfunction,  IT  will  get  all  of  the  blame. 

With  nothing  to  gain  and  a  lot  to  lose,  IT  leaders  might  have 
little  incentive  to  explore  the  risks  and  benefits  of  a  new  product, 
especially  since  they’re  running  in  place  already,  trying  to  keep 
up  with  the  rapid  pace  of  technological  change. 

‘When  you’re  a  CIO,  the  reaction  can  be  ‘wait  a  minute,  I  have 
zero  minutes  to  think  about  this  now.  I’m  just  going  to  say  no,”’ 


Petersmark  says.  “CIOs  get  conditioned  to  doing  that.” 

Ideally,  an  IT  department  that  evaluated  a  new  technology  and 
determined  it  was  a  good  idea  should  reap  some  reward  when 
that  new  technology  has  a  positive  impact  on  the  bottom  line. 
More  important,  IT  shouldn’t  have  to  stand  in  the  spotlight  alone 
if  something  goes  wrong.  And  smart  organizations  are  increas¬ 
ingly  creating  an  environment  where  they  don’t. 

“I’ve  been  in  places  where  risk  compliance  does  fall  on  IT’s 
shoulders,”  says  Michael  Statmore,  CIO  at  Post  University  in 
Waterbury,  Conn.,  which  has  800  on-campus  and  16,000  online 
students.  “We  have  a  culture  that  does  understand  that  we  share 
the  risk.  It’s  grown  over  time,  and  it’s  been  a  concerted  effort  on  my 
team’s  part  to  stress  that  and  really  appeal  to  their  common  sense.” 

Statmore  uses  that  shared  responsibility  to  enforce  decisions 
when  necessary.  “If  someone  wants  to  do  something  and  we  tell 
them  it  might  be  insecure,  they  may  still  want  to  do  it,”  he  says. 
“But  if  I  ask  them,  ‘Are  you  prepared  to  sign  your  name  on  the 
dotted  line  next  to  mine  for  the  risk?’  then  99  times  out  of  100, 
they  say,  ‘No,  I  am  not.’” 

GO  BEYOND  ‘NO’ 

It’s  easy  for  busy  CIOs  and  executives  under  pres¬ 
sure  to  perform  to  stand  firm  in  their  opposing 
views  over  a  disputed  piece  of  technology.  It’s  im¬ 
portant  to  avoid  giving  in  to  this  temptation,  and 
the  best  approach  is  to  find  alternative  solutions 
that  solve  the  business  problem  without  creating  a  security  risk. 

At  Kendra  Scott  Jewelry,  a  jewelry  maker  with  about  200  em¬ 
ployees  that  operates  stores  in  Scottsdale,  Ariz.,  Newport  Beach, 
Calif.,  and  Baton  Rouge,  principal  technology  consultant  Nathan 
Toups  faced  a  dilemma  when  the  finance  department  asked  him 
to  block  Spotify  because  its  bandwidth  use  was  hampering  trans¬ 
mission  speeds.  But  the  music  service  turned  out  to  be  highly 
valued  by  many  Kendra  Scott  employees.  So  Toups  came  up  with 
a  solution:  He  installed  a  high-speed  connection  completely 
separate  from  the  financial  system  and  asked  employees  to  use 
the  new  connection  for  such  services  as  Spotify.  The  move  solved 
several  problems  at  once,  since  the  company’s  Web  and  market¬ 
ing  teams  had  also  been  clamoring  for  additional  bandwidth. 

Taking  a  problem-solving  approach  keeps  everyone  engaged 
and  talking.  When  faced  with  a  request  from  a  business  team, 
your  initial  answer  might  be  no,  but  you  can  follow  that  with  “if 
that’s  what  you  want  to  do,  what  can  we  do  to  make  that  happen?” 
Statmore  says.  “And  then  we  figure  it  out.  It  comes  from  their 
confidence  that  the  conversation’s  not  going  to  stop  there.” 

Having  that  confidence  in  place  is  a  key  to  success,  says  Bart 
Murphy,  CIO  at  CareWorks,  a  workers’  compensation  plan  man¬ 
agement  company  in  Dublin,  Ohio.  Murphy  has  insourced  many  of 
CareWorks’  formerly  outsourced  functions  and  gained  a  lot  of  trust 
from  his  business  colleagues  in  the  process.  “We’ve  done  a  lot  from 
a  delivery  perspective  to  get  that  seat  at  the  table  and  not  be  missed 
on  an  email  or  meeting  —  or  honestly,  be  purposely  bypassed 
because  getting  IT  involved  is  going  to  slow  down  the  process,” 
he  says.  “We  move  extremely  fast.  We’re  fairly  responsive,  and  the 
business  runs  IT.  If  there’s  a  need,  the  need  has  to  be  met.”  ♦ 

Zetlin  is  a  technology  writer  and  co-author  of  The  Geek  Gap:  Why 
Business  and  Technology  Professionals  Don’t  Understand  Each 
Other  and  Why  They  Need  Each  Other  to  Survive.  Contact  her  at 
minda@geekgap.com. 
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GETAGRIPON 

Mobile  Management 


Vendors  are  itching  to  help  IT  leaders  manage  a  slew  of  new  devices. 

How  to  decide?  Consider  what’s  ‘good  enough’  for  what  you  need  now,  but  don’t 

neglect  the  future,  by  Robert  l.  mitchell 


HE  RAPID  PACE  OF  INNOVATION  in  mobile 
devices  and  software  has  made  managing  it  all 
a  moving  target,  but  the  proliferation  of  user- 
owned  devices  at  work  means  businesses  can’t 
wait  to  beef  up  their  support  infrastructure. 

So  how  do  you  choose  the  right  tool  set, 
given  all  the  activity?  It’s  not  easy:  Mobile 


device  management  (MDM)  software  vendors  are  adding  new 
features  every  three  to  six  months,  on  average.  Also,  as  vendors 
have  consolidated  —  most  recently  with  VMware’s  acquisition 
of  AirWatch  —  MDM  tools  have  evolved  into  enterprise  mobile 
management  (EMM)  suites,  all-purpose  Swiss  army  knives 
that  cover  the  gamut  from  device  policy  controls  to  application, 
content,  network  and  service  management. 


THINKSTOCK 


COMPUTERWORLD.COM  19 


MOBILE  &  WIRELESS 


This  year  is  shaping  up  to  be  “the  year 
[big  vendors]  make  a  run  at  enter¬ 
prises  that  want  stability  and  scale,” 
says  Maribel  Lopez,  principal  at  Lopez 
Research.  As  a  result,  now  is  the  time 
to  review  your  EMM  strategy  —  or  to 
develop  one  if  you  haven’t  already. 

If  you  have  not  done  so  yet,  you’re 
probably  not  alone.  In  a  2013  Aberdeen 
Group  survey  of  320  IT  organizations, 

75%  of  the  respondents  said  that  they 
had  bring-your-own-device  (BYOD) 
policies,  but  half  of  those  respondents 
said  that  they  were  taking  an  “anything 
goes”  approach  to  managing  the  mobile 
ecosystem  —  which  is  to  say,  little  or 
no  management  at  all.  “That’s  a  big 
concern,”  says  Andrew  Borg,  who  was 
research  director  at  Aberdeen  when 
the  survey  was  completed.  (He  is  now 
founder  and  principal  of  eC3  Consulting, 
his  own  practice.) 

As  mobility  morphs  from  a  peripheral 
concern  to  a  core  IT  service,  it’s  inevitable  that  more  organiza¬ 
tions  will  move  toward  the  adoption  of  EMM  software.  Here  are 
a  few  things  to  think  about  before  making  that  purchase. 

Put  Your  Current  Needs  Front  and  Center 

Finding  the  right  EMM  tool  set  depends  not  only  on  which  one 
has  the  most  features,  but  which  has  the  feature  sets  that  best 
meet  your  organization’s  requirements. 

“There’s  no  single  list  of  what’s  important  and  what’s  not.  It’s 
all  about  your  use  case,”  says  Philippe  Winthrop,  global  mobility 
evangelist  at  Computer  Sciences  Corp.  “If  you  have  zero  interest 
in  supporting  [a  certain]  mobile  platform,  then  it  doesn’t  matter 
if  the  EMM  has  insane  capabilities  on  that  platform,”  he  says.  So 
start  with  the  business  tasks  you’re  trying  to  support,  figure  out 
what  tools  and  features  are  required,  and  drill  down  from  there. 

For  example,  MDM  policy  controls  are  a  baseline.  But  do  you 
also  need  application  or  content  management?  If  you  have  a 
BYOD  policy,  do  you  need  to  support  both  employees’  personal 
phones  and  company-owned  phones? 

Are  you  using  corporate-owned,  personally  enabled  (COPE) 
phones?  These  are  devices  that  are  owned  by  the  company  and 
can  be  configured  and  managed  just  like  BYOD  devices,  offering 
containerization  or  other  technologies  to  separate  personal  apps 
and  data  from  the  corporate  apps  and  content. 

Do  your  employees  travel  abroad?  If  so,  a  seemingly  esoteric 
feature  like  geofencing  —  which  enables  device  management 
policy  changes  based  on  a  phone’s  GPS  location  —  could  be  key 
to  complying  with  each  country’s  privacy  regulations.  “Having 
an  MDM  that  can  change  the  policy  of  a  device  as  it  crosses  from 
one  country  to  another  is  one  of  those  great  features  that  organi¬ 
zations  don’t  know  they  need  yet,”  says  Daniel  Eckert,  managing 
director  in  the  advisory  practice  at  PricewaterhouseCoopers. 

It’s  also  important  to  understand  whose  devices  you  need  to 
manage.  Is  it  just  employees,  or  do  you  need  to  include  contrac¬ 
tors,  temporary  workers,  business  partners  or  even  customers? 

Then  there  are  the  types  of  devices  you  need  to  manage  — 


either  now  or  in  the  next  few  years.  Yes, 
most  vendors  support  iOS  and  Android, 
but  what  about  Windows  Phone  and  the 
new  Firefox  OS?  If  you  think  those  aren’t 
factors,  consider  that  back  in  2009  no 
one  would  have  anticipated  the  decline 
of  BlackBerry,  Symbian  and  WebOS  — 
or  that  Nokia  would  adopt  Windows 
Phone  as  its  core  platform  because  of  an 
acquisition,  says  Winthrop. 

Another  concern:  Is  the  EMM  suite 
extensible  enough  to  support  other  wire¬ 
less  endpoint  devices,  such  as  mobile 
printers  and  scanners?  “We  even  had  a 
request  for  Google  Glass,”  says  Eckert. 
“And  I  would  expect,  with  wearable 
smart  watches  coming  down  the  pike, 
that  we’ll  see  more  of  those  in  the  enter¬ 
prise  in  the  next  two  years.” 

In  other  words,  “think  beyond  the 
smartphone,”  says  Borg.  As  the  Internet 
of  Things  evolves,  will  you  be  able  to 
manage  endpoints  of  any  type,  whether 
they’re  temperature  or  seismic  sensors?  In  a  fast-moving  market, 
it’s  hard  to  know  what  devices  will  be  popular  a  year  from  now,  so 
make  sure  you  hitch  your  wagon  to  a  vendor  that  will  keep  up  with 
new  endpoints  as  they  become  popular,  Borg  suggests. 

Winthrop  concurs.  “Buy  the  tools  that  allow  you  to  have  the 
flexibility  you  need  to  go  with  the  flow,”  he  says. 

Versatility  in  EMM  software  is  key  in  a  world  where  the  mobile 
operating  systems  and  endpoint  devices  change  every  year,  says 
Michael  DiSabato,  an  analyst  at  Gartner  for  Technical  Profession¬ 
als.  The  fluidity  of  the  environment  makes  the  choice  of  a  tool 
more  of  a  tactical  decision  than  a  strategic  one,  he  adds. 

Suites  Rule 

Look  for  a  suite,  rather  than  choosing  individual  tools  in  a  best- 
of-breed  approach,  says  Lopez.  Administrators  don’t  want  eight 
different  tools  to  manage,  which  is  why  the  market  will  continue 
to  consolidate.  “You’re  looking  for  something  that’s  not  amazing 
at  everything  but  that  is  great  at  some  things  and  good  enough 
for  the  others,”  she  says. 

The  way  some  features  are  delivered  —  and  the  level  of  inte¬ 
gration  —  within  a  suite  can  vary.  Vendors  may  have  developed 
most  capabilities  natively,  but  many  have  acquired  features 
through  acquisition,  or  have  added  them  through  partnerships. 
For  example,  BoxTone  relies  on  Mocana  for  application  contain¬ 
erization,  while  SAP  uses  NitroDesk  TouchDown  as  its  secure 
email  client.  If  a  suite  doesn’t  offer  a  desirable  feature  set  natively, 
make  sure  the  vendor  you  choose  has  a  good  partnering  strategy 
for  the  capabilities  you  need,  says  Lopez. 

“A  single  solution  is  better  for  security,  providing  that  the  user 
experience  doesn’t  get  trashed  in  the  process,”  says  DiSabato. 

But  don’t  be  afraid  to  go  best  of  breed  for  important  capabilities 
if  the  suite  you’re  using  isn’t  up  to  snuff  in  a  key  area.  “We  have 
one  major  customer  with  an  MDM  solution,  but  when  it  comes 
to  mobile  application  management  (MAM)  they’re  looking  for 
best  of  breed,”  Winthrop  says.  “Even  though  the  MDM  offering 
includes  MAM  capabilities  it’s  not  sufficient  for  their  needs.” 


Having  an  MDM  that 
can  change  the  policy 
of  a  device  as  it  crosses 
from  one  country  to 
another  is  one  of  those 
great  features  that 
organizations  don’t 
know  they  need  yet. 

DANIEL  ECKERT,  MANAGING  DIRECTOR,  PWC 
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You  can’t  spend  all  of  your  time  integrating  five  or  six  prod¬ 
ucts,  but  having  one  or  two  is  fine,  says  Lopez,  so  if  you’re  happy 
with  an  existing  tool,  think  about  augmenting  it.  Take  security, 
for  instance.  “Many  regulated  industries  have  Good  Technology 
for  secure  mobile  messaging,  but  they  might  want,  for  example, 
Mobilelron  for  everything  else.”  Or,  she  says,  if  you  really  need  a 
secure  browser  you  may  want  a  suite  that  works  with  Mocana. 

One  potential  drawback  about  choosing  a  suite  over  best-of- 
breed  tools  is  that  some  of  a  suite’s  features  may  fall  behind  com¬ 
peting  offerings  from  smaller,  more  nimble  vendors,  says  Lopez. 

But  large  vendors  such  as  SAP  and  IBM  are  throwing  a  lot  of 
resources  at  their  EMM  suites.  And  the  biggest  vendors  have 
another  advantage:  They  can  provide  enterprise-scale  support, 
integration  and  even  development  services. 

User  Experience  Is  Paramount 

The  BYOD  trend  has  put  the  end  user  in  the  driver’s  seat,  so  it’s 
vital  to  get  hands-on  time  with  the  tools 
before  a  full  deployment.  “The  user 
and  the  employee  are  the  key  arbiters 
of  adoption,”  says  Borg  of  eC3  Consult¬ 
ing.  “Polling  your  employees  about  their 
experiences  is  increasingly  important.” 

“The  only  thing  that  matters  is  the  user 
experience,”  says  Gartner’s  DiSabato. 

Unfortunately,  the  MDM  policy  con¬ 
trols  that  many  businesses  have  put  into 
place  haven’t  fared  well  with  users.  “The 
number  of  companies  we  work  with  who 
say  the  CEO  doesn’t  like  the  MDM  they 
deployed  is  in  the  high  300s  —  out  of 
over  500  clients,”  DiSabato  says.  Things 
like  user  self-provisioning  and  mobile  ap¬ 
plication  delivery  should  be  transparent 
and  scalable,  he  explains. 

Users  should  be  able  to  bring  their 
own  devices  to  work  and  have  them 
comply  with  policy  in  a  way  that’s  not 
onerous  to  them,  says  Borg.  And  if  your 
organization  doesn’t  have  the  expertise 
to  build  a  mobile  support  team  that  can 
rise  to  the  challenge  of  supporting  a  full-featured  EMM  service, 
there  are  cloud-based  services  and  managed  service  providers 
that  can  do  the  job. 

In  fact,  says  Eckert,  cloud-based  EMM  is  one  of  the  most 
important  considerations  for  his  enterprise  clients.  The  others 
are  flexible  pricing  structures,  integration  capabilities  and  mobile 
application  management  features. 

User  interface  design  is  the  next  arms  race,  Borg  says.  “Users 
expect  solutions  to  be  easy  to  use,  intuitive,  and  to  have  basic 
capabilities  supplied  through  self-service,  with  help  just  a  push 
button  or  call  away.  It  should  be  as  easy  to  use  as  Angry  Birds.” 

Converging  Endpoint  Management 

Having  a  multiplatform  strategy  means  more  than  making  sure 
an  EMM  suite  supports  all  flavors  of  mobile  devices  and  mobile 
operating  systems.  While  mobile  is  currently  handled  as  a  sepa¬ 
rate  ecosystem  from  desktops  and  laptops,  the  worlds  are  starting 
to  converge  as  it  becomes  a  core  IT  function.  Some  products 


already  let  you  manage  all  mobile  and  desktop  device  types  from 
a  single  management  console. 

“There  never  should  have  been  a  separate  mobile  management 
suite,”  says  Lopez.  The  traditional  management  suites  missed  the 
boat  early  on.  Now,  she  says,  they’re  extending  those  capabilities 
and  pulling  mobile  back  in. 

“Eventually,  mobile  management  will  cease  to  be  a  separate 
thing  in  the  enterprise  IT  world,”  Winthrop  says,  much  in  the 
same  way  that  wireless  LANs  became  just  another  piece  of  the 
network  management  infrastructure.  “You’ll  see  the  same  with 
mobility  as  time  progresses.” 

For  larger  enterprises,  says  Borg,  “the  top-level  consideration 
should  be  integration  across  the  tools.”  A  single  pane  of  glass,  or 
unified  management  layer,  is  a  distinct  advantage  for  adminis¬ 
trators,  but  it’s  also  easier  for  the  end  users  if  they  have  one  self- 
service  place  to  go  for  all  of  their  endpoint  devices.  Vendors  with 
that  capability  include  AirWatch,  BoxTone,  IBM  and  SAP. 

Future-Proofing 

While  mobile  device  management  is 
mature,  other  elements  of  EMM  are  still 
evolving.  “Now  people  are  all  crazy  about 
mobile  application  management,  but  the 
next  thing  will  be  context,  and  content 
and  data  management,”  Lopez  says. 

Most  enterprises  start  by  controlling 
the  device,  and  then  add  secure  access 
to  business  contacts,  calendar  and  email 
—  along  with  file  sync  capabilities  —  to 
solve  what  DiSabato  calls  “the  Dropbox 
problem.” 

The  next  step,  he  says,  will  be  inte¬ 
grating  mobile  into  business  process 
improvement  and  collaboration.  “How  do 
you  make  a  decision  without  having  to  go 
back  to  the  office  and  fire  up  an  applica¬ 
tion?  That’s  all  rolled  into  EMM  services, 
and  we  think  over  the  next  year  you’ll  see 
a  huge  upsurge  in  this  activity,”  he  says. 

Mobility  management  is  gradually 
moving  toward  workspace  aggregation, 
where  the  user  will  have  access  to  the  same  resources  from  any 
endpoint  device.  For  example,  Citrix  is  attempting  to  provide 
virtual  access  with  its  ShareFile,  XenApp,  XenMobile  and 
XenDesktop  software,  and  VMware  is  taking  a  similar  approach. 

The  goal,  DiSabato  says,  is  to  integrate  virtualization  and  the 
user  experience  “so  that  when  I  write  an  app  in  Windows  and 
access  it  on  a  server  with  an  iPad,  it  goes  from  keyboard-and- 
mouse-centric  to  looking  like  an  iOS  app.  Somewhere  between 
the  app  and  the  iPad,  a  miracle  will  occur.” 

But  the  technology  behind  workplace  aggregation  is  still  evolv¬ 
ing,  something  that  companies  need  to  think  about  before  they 
act.  “Implement  this  now  and  you’d  better  have  a  lot  of  xMaalox 
handy,”  DiSabato  says. 

Given  how  rapidly  mobile  technology  is  moving,  Winthrop 
tells  clients  to  look  for  a  vendor  that  has  the  resources  and 
flexibility  to  adapt  quickly  to  change.  The  key  to  choosing  the 
right  tool  suite,  he  says,  is  to  standardize  on  an  EMM,  but 
“standardize  flexibly.”  ♦ 


The  number  of 
companies  we  work 
with  who  say  the  CEO 
doesn't  like  the  MDM 
they  deployed  is  in  the 
high  300s  -  out  of  over 
500  clients. 

MICHAEL  DISABATO,  ANALYST. 
GARTNER  FOR  TECHNICAL  PROFESSIONALS 
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Big  thinkers 
are  urging 
IT  to  lead 
a  charge 
to  digitally 
remake 
every  aspect 
oftheir 
businesses. 
CIOs  aren’t 
so  sure. 

BY  HOWARD 
BALDWIN 


Attention,  it  leaders:  If  you 

haven’t  yet  heard  the  message 
that  you  should  be  heading  up  a 
charge  to  digitally  transform  your 
organization,  it’s  not  for  lack  of 
trying  from  the  big  tech  consulting  firms. 

Accenture  and  McKinsey  are  touting  “digital 
business,”  instructing  CIOs  to,  respectively,  create 
“a  comprehensive  strategy  that  leads  to  new  ar¬ 
chitectures,  new  services  and  new  platforms”  and 
develop  digital  skills  “not  just  in  marketing  and 
in  sales  but,  increasingly,  in  operations  and  across 
the  whole  value  chain.” 

PricewaterhouseCoopers  is  stressing  “digital 
IQ,”  which  it  defines  as  “a  measure  of  how  well 
companies  understand  the  value  of  technology  ' 
and  weave  it  into  the  fabric  of  their  organization.” 
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Gartner’s  buzzphrase  is  the  “digital  industrial  economy,”  a  vast 
confluence  of  cloud  computing,  social  collaboration,  mobile  tech¬ 
nology  and  data  from  the  “Internet  of  Everything.” 

And  not  to  be  outdone  Capgemini,  in  promoting  “digital  trans¬ 
formation,”  baldly  warns  that  companies  “must  succeed  in  creating 
transformation  through  technology,  or  they’ll  face  destruction  at 
the  hands  of  their  competitors  that  do.” 

Got  all  that? 

Some  IT  leaders,  like  Red  Hat  CIO  Lee  Congdon,  are  already 
on  board.  “Just  as  we  made  the  transition  from  an  agricultural 
society  to  an  industrial  society,  we  are  now  making  the  transition 
to  a  digital  society,”  he  says.  In  that  context,  every  company  will 
be  a  digital  company. 

Of  course,  Red  Hat  is  a  technology  company  to  begin  with. 
Telling  an  agribusiness  or  a  manufacturer  of  power  tools  to  trans¬ 
form  itself  digitally  is  a  different  task.  Most  organizations  have  com¬ 
puters,  software  and  networks,  and  many  have  automated  processes 
and  a  mobile  workforce  —  how  much  more  digital  can  they  get? 


Lots,  says  George  Wester  man,  a  research  scientist  at  the  MIT 
Center  for  Digital  Business.  Digital  transformation  isn’t  about 
computerization,  he  explains.  It’s  about  using  technology  “to 
expand  the  reach  and  performance  of  enterprises”  —  even  those 
that  are  decidedly  analog. 

General  Electric,  for  example,  is  adopting  an  Internet  of 
Things  service  strategy  that  will  help  customers  schedule  main¬ 
tenance  and  avoid  part  failures  on  industrial  GE  products  —  an 
approach  that  improves  GE’s  own  operations. 

Westerman  includes  that  example  in  “Embracing  Digital 
Technology,”  an  MIT  research  report  done  in  conjunction  with 
Capgemini  that  cites  three  potential  benefits  that  could  come  from 
going  digital:  better  customer  experiences  and  engagement,  stream¬ 
lined  operations,  and  new  lines  of  business  or  business  models. 

Co-author  Didier  Bonnet,  senior  vice  president  and  head  of 
global  practices  for  Capgemini,  emphasizes  that  digital  transfor¬ 
mation  goes  beyond  automation.  “It’s  not  just  taking  people  out  of 
the  process,  it’s  increasing  their  effectiveness”  within  the  process, 
he  says.  Specialty  insurer  Chubb,  for  example,  is 
using  “social  business  tools  and  processes  ...  to 
develop  products  and  understand  risks  rapidly  as 
new  markets  emerge,”  the  report  notes. 


Just  as  we  made  the  transition  from  an  agricultural 
society  to  an  industrial  society,  we  are  now  making 
the  transition  to  a  digital  society. 

LEE  CONGDON,  CIO,  RED  HAT 


Digitalization  in  the  Real  World 

Roger  Seshadri  was  lucky  enough  to  have  an 
experience  most  CIOs  only  dream  of:  Building 
a  fully  digital  organization  from  the  ground  up. 
Seshadri  is  the  former  CIO  of  Melco  Crown 
Entertainment,  a  partnership  that  built  a  massive 
gaming  and  hospitality  complex  in  Macau  (he 
continues  to  work  as  an  IT  consultant  for  the 
company).  He  deployed  an  IP  infrastructure  that 
encompassed  every  facet  of  the  complex:  audio, 
video,  cameras,  wireless,  mobile  and  more. 

Guests  can  use  an  iPad  to  control  the  temper¬ 
ature  in  their  room,  open  the  curtains,  browse 
the  wine  list  or  find  a  service.  They  use  kiosks 
to  redeem  points  on  loyalty  cards.  Using  digital 
gaming  systems,  dealers  can  accommodate  120 
baccarat  players  at  a  time,  instead  of  the  usual 
six  at  a  table.  Depending  on  the  time  of  day,  the 
casino  can  configure  slot  machines  to  accept 
different  amounts  with  each  spin. 

Even  CIOs  without  the  luxury  of  starting 
from  scratch  with  a  “greenfield”  situation  are 
interested  in  digital  transformation. 

To  Phil  Fasano,  CIO  at  Oakland,  Calif.-based 
healthcare  provider  Kaiser  Permanente,  digi¬ 
talization  means  applying  technology  to  offer 
services  that  simply  weren’t  possible  before.  His 
example:  allowing  patients  to  interact  with  a 
physician  via  video  “rather  than  taking  three 
hours  out  of  their  day  to  visit  a  facility”  —  a 
capability  that’s  now  in  the  planning  stages. 

“Every  company  is  already  a  digital  company, 
even  if  they  don’t  perceive  themselves  to  be 
one,”  Fasano  maintains.  “People  open  a  mobile 
device  and  become  a  digital  consumer.  They 
may  even  be  your  own  employees.  You  have  to 
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think  about  every  aspect  of  what  you  do 
through  the  lens  of  being  digital.  Digital 
offers  you  the  opportunity,  like  PCs  did, 
to  reimagine  the  work  that  you  do.” 

Red  Hat’s  Congdon  concurs.  “Even  if 
you  are  a  traditional  company  making 
Sheetrock,  you’ll  be  a  digital  company, 
because  your  supply  chain,  your  market¬ 
ing,  your  logistics,  your  product  changes, 
your  collaboration,  will  be  digital.  You 
ignore  the  trend  at  your  peril.” 

Fully  Digital?  Not  So  Fast 

Not  every  IT  leader  agrees,  however. 

Phil  Bertolini,  CIO  of  Oakland  County, 

Mich.,  which  has  been  highly  ranked 
for  providing  digital  capabilities,  believes  that  every  organiza¬ 
tion  will  have  a  digital  component,  even  if  it’s  only  email,  but 
being  “fully  digital”  isn’t  necessary  for  every  entity.  “Does  a  street 
vendor  need  a  CRM  program?”  he  asks.  “They  may  do  online 
banking,  and  they  may  get  their  business  license  online,  but  they 
don’t  need  a  bigger  digital  footprint  than  that.” 

The  Capgemini/MIT  study  divides  companies  into  four 
quadrants:  digirati  (also  known  as  digital  masters),  fashionistas, 
beginners  and  conservatives.  While  Bertolini  considers  Oakland 
County  to  be  a  digital  master,  he  says  some  rural  governments 
are  still  on  the  bottom  part  of  the  quadrant  and  are  likely 
content  to  stay  there  for  many  years.  “They  don’t  have  much  of  a 
population  to  serve.  They  can  stay  [in  the  conservative  quadrant] 
because  they  can  still  do  things  with  a  pencil  and  paper.” 

In  both  the  private  and  public  sectors,  Bertolini  sees  a  lot  of  fash¬ 
ionistas,  which  the  study  defines  as  those  who  have  experimented 
with  sexy  applications  that  don’t  always  create  value.  As  the  report 
says,  “While  [these  efforts]  may  look  good,  they  are  not  implement¬ 
ed  with  the  vision  of  gaining  synergies  among  the  items.” 

In  other  words,  “it’s  wonderful  to  do  something  whiz-bang, 
but  if  you  can’t  build  it  [into  your  existing  systems]  and  make  it 
sustainable,  you’re  a  fashionista,”  Bertolini  says. 

Pete  DeLisi,  academic  dean  of  the  IT  leadership  program  at  Santa 
Clara  University,  says  digital  transformation  is  at  best  just  one  piece 
of  a  larger  puzzle.  The  MIT/Capgemini  study  “shows  that  digital 
capabilities  correlate  with  good  performance,  but  what  caused 
those  attributes  in  the  first  place?  Companies  that  are  well  managed 
perform  better  than  those  that  are  not,”  he  argues. 

A  longtime  IT  and  strategy  consultant,  DeLisi  says  digital  trans¬ 
formation  alone  can’t  make  great  companies.  “You  can’t  control  for 
other  variables,”  he  explains.  “There  could  have  been  strong  leader¬ 
ship,  great  people,  strategic  capabilities,  a  strong  corporate  culture. 
There’s  no  way  you  can  isolate  those  things.” 

Obstacles  to  Digital  Perfection 

Likely  to  no  one’s  surprise,  inertia  is  the  No.  1  roadblock  to  digital 
transformation.  Some  63%  of  1,500  corporate  workers  surveyed 
by  Capgemini/MIT  said  the  pace  of  technological  change  in  their 
organizations  is  too  slow.  Only  about  one-third  of  the  respon¬ 
dents  said  that  senior  leaders  in  their  organizations  have  put 
forth  a  vision  for  digital  transformation. 

Another  big  obstacle  to  becoming  digital  is  getting  others  on 
board.  “When  a  high-level  operations  executive  doesn’t  see  a  return 


on  technology,  it’s  difficult  to  manage,” 
Seshadri  says.  “IT  has  to  do  a  lot  of  proof 
of  concepts  to  provide  evidence  that  tech¬ 
nology  has  value.” 

Other  obstacles  can  crop  up  in  the 
following  areas: 

■  Funding.  “It’s  always  better  if  you 
have  more  money,”  says  Fasano.  “You  just 
have  to  be  effective  at  utilizing  it.  You  can 
only  go  at  the  pace  you  can  afford.” 

Bertolini  concurs.  “Money  may  [slow 
down]  how  far  and  how  fast  you  go,  but 
it  shouldn’t  stop  you  from  getting  there,” 
he  says.  “During  the  tough  economic 
times  we  had  in  Michigan,  we  tightened 
our  belts  but  still  found  ways  to  innovate 
and  invest  in  technology.”  For  example,  he  says,  a  manager  could 
ask  a  current  employee  to  undertake  limited  social  media  efforts 
without  hiring  someone  new. 

■  Staffing.  Ideally,  digital  transformation  should  encompass 
multiple  skill  sets  —  cloud,  mobile  and  social  to  start  —  not  to 
mention  the  traditional  disciplines  of  project  management  and 
change  management.  All  of  which  can  make  staffing  a  challenge. 

“There  is  a  global  war  for  talent,  for  people  who  can  execute  in 
the  digital  domain,”  says  Congdon.  “You  need  to  think  about  how 
to  attract  people  who  can  help  you  get  to  the  right  level  of  tech 
sophistication,  especially  when  you’re  competing  with  marquee 
technology  firms  like  Google  and  Netflix.” 

■  Interoperability.  An  organization  can’t  be  fully  digital  until 
all  of  its  systems  can  communicate  with  one  another  —  and 
ideally  with  those  of  its  business  partners  as  well.  Linda  Trow¬ 
bridge  is  CEO  for  Center  for  Elders’  Independence,  an  Oakland, 
Calif.-based  elderly  care  provider  that’s  investing  significantly 

in  an  electronic  health  record  system.  “It  would  help  if  we  have 
access  to  medical  records  in  the  hospital,  but  we  don’t,”  says 
Trowbridge.  “It’s  not  that  the  technology  can’t  do  it.  It’s  that  the 
organizations  have  not  agreed  upon  a  framework.” 

Change  Is  the  Only  Constant 

For  all  his  bullishness,  even  Congdon  has  some  concerns  about 
striving  for  digital  mastery.  “It’s  risky  to  assume  in  advance  that 
you  know  where  you  want  to  end  up,”  he  says.  “You  can  take 
[one]  approach  to  solving  a  problem,  but  will  the  problem  still  be 
relevant  in  five  years?  You  may  want  to  make  multiple  bets.” 

Innovation  balanced  by  caution  is  not  a  bad  idea.  “Sometimes 
you’ll  need  to  be  a  fast  follower,”  Congdon  adds.  “If  you’re  con¬ 
strained  because  of  regulations  or  resources,  it  may  not  make  sense 
to  be  a  pioneer,  because  the  risks  will  be  larger  than  the  rewards.” 

In  charting  a  course  toward  digital  transformation,  then,  IT 
leaders  need  to  remember  the  business  and  technology  landscape 
is  constantly  changing.  MIT’s  Westerman  concedes  that  “digital 
will  mean  something  different  in  10  years.” 

That  means  IT  pros  will  have  to  build  the  kind  of  digital  infra¬ 
structure  Seshadri  had  in  Macau  with  an  eye  toward  both  stability 
and  flexibility  —  two  concepts  that  don’t  always  easily  reconcile. 

And  they’ll  have  to  remember  this  cautionary  advice  from 
DeLisi:  “Transformation  is  a  means,  not  an  end.”  ♦ 

Baldwin  is  a  Silicon  Valley-based  freelance  writer  and  frequent 
contributor  to  Computerworld. 


Every  company 
is  already  a  digital 
company,  even  if 
they  don’t  perceive 
themselves  to  be  one. 

PHIL  FASANO,  CIO.  KAISER  PERMANENTE 
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The  Heartburn  of  Heartbleed 

Our  manager  scrambles  to  find  and  fix  any  vulnerable 

resources  after  the  OpenSSL  flaw  is  discovered. 


WHEN  IT  WAS  TIME  to 

write  this  column,  the 
only  thing  on  my  mind 
was  the  OpenSSL  Heart- 
bleed  vulnerability.  If  you 
have  anything  to  do  with  infosec,  it  was 
probably  dominating  your  days  as  well. 

If  by  some  chance  you  haven’t  heard, 
a  vulnerability  was  published  in  early 
April  explaining  a  way  to  take  advantage 
of  a  coding  error  in  the  way  OpenSSL 
keeps  a  session  opened.  The  vulnerability 
allows  for  the  disclosure  of  up  to  64KB 
of  memory,  which  may 
contain  data  such  as  user 
IDs,  passwords,  secret- 
key  material  and  other 
sensitive  data  that  may 
reside  in  memory. 

Sometimes  when  a  high-profile  securi¬ 
ty  vulnerability  is  released,  I  try  to  gauge 
the  hype  against  reality.  For  Heartbleed, 

I  got  my  hands  on  exploit  code  and  ran  it 
against  some  servers  that  were  running  a 
vulnerable  version  of  OpenSSL. 

The  exploit  code  was  quite  easy  to 
compile  and  run.  You  simply  run  the 
exploit  against  an  IP  address  and  port.  If 
there  is  any  data  in  memory,  the  results 
are  displayed.  The  results  were  amazing. 
For  one  of  our  internal  high-traffic  Web 


servers,  I  ran  the  exploit  several  times 
before  I  was  able  to  capture  a  username, 
but  that  was  still  all  the  convincing  I 
needed  to  take  action.  My  priorities  at 
that  point  were  to  check  on  the  security 
of  my  company’s  products  and  services, 
our  internal  infrastructure  and  the  many 
systems  we  use  that  are  provided  by 
vendors,  especially  software-as-a-service 
(SaaS)  offerings. 

I  was  relieved  to  find  that  our  customer 
service  organization  was  already  iden¬ 
tifying  all  of  our  products  that  use  the 
vulnerable  version  of 
SSL.  That  team  is  reme¬ 
diating  all  products  and 
services,  and  we  have 
placed  an  announce¬ 
ment  on  our  support 
portal  so  our  customers  know  the  status 
regarding  this  vulnerability.  I  will  follow 
up  with  independent  assessment. 

Next  on  the  list  was  our  internal 
infrastructure.  This  includes  routers, 
switches,  firewalls  and  other  network 
and  security  devices,  as  well  as  internal 
applications  and  servers.  Our  approach 
here  was  two-pronged:  First,  ask  each 
vendor  about  any  known  vulnerable 
products  or  services.  Second,  conduct 
scans  of  our  IP  address  space. 


the  discussions  about 
security!  computerworld.com/ 
blogs/security 


With  high-profile  security  vulnerabilities, 
l  try  to  gauge  the  hype  against  reality. 


Trouble 

Ticket 


\\  Heartbleed 

//  is  a  major  vulnerability 
that  needs  immediate 
attention. 


/  Set  priorities  and 
systematically  check 
everything. 


The  scanning  took  quite  a  while. 

We  wanted  to  be  thorough,  so  we  used 
Nessus  to  scan  all  the  ports  of  every  IP 
address  —  a  total  of  65,535  ports. 

Finally,  we  contacted  all  of  our  vendors, 
notably  the  providers  of  the  150  or  so  SaaS 
applications  we  use.  To  speed  this  process, 
I  gave  each  in-house  application  owner  an 
email  template  for  the  queries.  For  imme¬ 
diate  peace  of  mind,  I  also  had  my  team 
run  a  tool,  provided  by  one  of  the  certifi¬ 
cate  vendors,  against  all  SSL-enabled  Web 
services.  The  tool  indicated  whether  a  site 
was  potentially  vulnerable  by  retrieving 
certificate  information  from  the  server, 
which  included  the  version  of  SSL. 

What  we  have  found  out  so  far  has  been 
interesting,  and  at  times  alarming.  Many 
of  our  network  and  security  vendors  have 
issued  statements  regarding  vulnerable 
infrastructure  we  use,  and  some  have 
already  issued  patches.  Other  vendors  are 
still  assessing  the  situation.  Scans  of  our 
internal  infrastructure  yielded  quite  a 
number  of  servers  that  are  vulnerable.  In¬ 
terestingly,  we  discovered  that  more  than 
300  resources  that  run  Windows  Server 
are  vulnerable.  That  had  us  scratching 
our  heads  until  we  realized  that  it  was 
the  Integrated  Lights  Out  board,  used  for 
remote  server  management,  that  was  vul¬ 
nerable.  We  are  working  with  the  vendor 
to  obtain  a  patch. 

We  also  discovered  some  40  vulner¬ 
able  servers  on  our  PC  network.  This  was 
traced  to  users  who  were  running  vul¬ 
nerable  virtual  machines  on  their  PCs. 

The  work  continues,  and  I  will  provide 
status  reports  to  our  executive  staff  on 
a  weekly  basis  until  all  issues  have  been 
remediated.  ♦ 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman,” 
whose  name  and  employer  have  been 
disguised  for  obvious  reasons.  Contact  him 
at  mathias_thurman@yahoo.com. 
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Windows  8.1  Update  1, 
Now  With  Less  Annoyance! 


The  best  I 
can  say  for 
Update  1  is  it 
sucks  less. 


Steven  J.  Vaughan- 
Nichols  has  been 
writing  about 
technology  and  the 
business  of  technology 
since  CP/M-80  was 
cutting-edge  and 
300bps  was  a  fast 
Internet  connection  - 
and  we  liked  it! 
He  can  be  reached  at 
sjvn@vnal.com. 


SOME  DISASTERS  ARE  EASY  TO  SEE  COMING.  All  you  had  to  do  was 

look  at  Windows  8  and  its  Metro  —  excuse  me,  Modern  —  interface 
back  in  its  beta  days  and  you  knew  it  was  going  to  fly  like  a  pigeon 
with  concrete  overshoes.  Years  went  by  and  Windows  8.1  was  — 
better,  but  still  basically  awful.  Now  Windows  8.1  Update  l  is  here, 


and  I’ve  been  trying  it  for  the  past  few  weeks  and, 
ah,  the  best  I  can  say  is  it  sucks  less. 

First,  the  good  news:  If  you  install  Windows 
8.1  Update  1  on  a  PC  without  a  touchscreen,  it 
actually  boots  to  the  desktop!  Since  the  Modern 
interface  is  just  an  annoyance  without  touch,  this 
is  a  nice  improvement. 

That  said,  this  change  reminds  me  yet  again  that 
Modern  really  is  for  touch-enabled  PCs.  It’s  awful 
on  a  traditional  desktop.  It  also  reminds  me  that  if 
I  want  touch  functionality,  I  want  it  on  a  tablet  or 
smartphone,  not  on  a  screen  where  I  have  to  waste 
time  raising  my  hand  from  the  keyboard  to  do  a  job. 

Another  change:  The  Modern  apps  now  have 
title  bars  and  taskbars.  This  makes  them  mar¬ 
ginally  more  usable  for  people  who  have  used 
Windows  for  years.  But  it  brings  out  another 
Windows  8.x  annoyance:  The  new  title  bars  and 
taskbars  don’t  look  and  work  quite  like  their  pre¬ 
decessors,  the  ones  you’ve  used  for  years. 

Change  for  the  sake  of  change,  which  is  how 
I’ve  always  seen  Windows  8.x,  is  not  a  way  for  any 
product  to  endear  itself  to  people  who  used  earlier 
versions  for  decades.  Sure,  there  were  jumps  from 
Windows  3.1  to  Windows  98  to  Windows  2000 
to  XP  to  Windows  7,  but  none  of  them  required 
you  to  relearn  the  entire  desktop  experience  to  be 
productive. 

For  example,  if  you’re  in  desktop  mode  and  you 
click  on  an  image,  now  you  get  to  view  the  image 
in  Windows  Photo  Viewer  instead  of  the  Metro 


Photos  app.  Yay!  But,  if  you’re  on  the  desktop  and 
you  double-click  a  PDF  file,  Metro  Reader  opens 
it  up  for  you.  Boo!  Is  interface  consistency  really 
that  hard,  Microsoft? 

Moving  along,  Internet  Explorer  11  still  doesn’t 
impress  me.  Does  anyone,  by  the  way,  find  it  more 
than  a  little  off-putting  that  security  holes  keep 
appearing  that  affect  everything  from  IE6  to  IE11 
despite  the  fact  that  Microsoft  keeps  saying  that 
it  has  improved  the  security  of  its  browser?  On 
the  other  hand,  IE11  now  at  least  has  tabs  and  an 
address  bar  by  default  again  —  but  why  they’re  at 
the  bottom  of  the  display  is  totally  beyond  me. 

I’d  really  hoped  to  see  the  Start  menu  come 
back  in  this  update.  I  was  disappointed.  Instead, 
all  the  Start  button  does  is  throw  you  into  the 
Modern  interface.  Again,  this  is  never,  ever  where 
I  want  to  be.  It  now  appears  —  and,  oh,  how  we 
hope!  —  that  we’ll  get  a  “new”  (read,  “old-style”) 
Start  menu  in  August  or  September. 

What’s  a  devoted  Windows  user  to  do?  Well,  if 
you’re  already  on  Windows  8,  you  poor  devil,  you 
should  go  ahead  and  “upgrade”  to  Windows  8.1 
as  fast  as  possible.  After  all,  it’s  not  like  Microsoft 
is  going  to  give  you  any  choice  in  the  matter.  If 
you’re  on  Windows  7,  stick  with  it.  If  you’re  using 
anything  older,  move  to  Windows  7. 

If  you’re  not  so  devoted  and  want  to  try  living 
outside  the  Microsoft  world,  I  recommend  Chrome- 
books  or  Linux  distributions  with  a  Windows  XP-like 
look  and  feel,  such  as  Linux  Mint  with  Cinnamon.  ♦ 
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MARKETPLACE 


dtSearch 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


Instantly  Search 
Terabytes  of  Text 

25+  fielded  and  full-text  search  types 

dtSearch's  own  document  filters  support  "Office,"  PDF, 
HTML,  XML,  ZIP,  emails  (with  nested  attachments),  and 
many  other  file  types 

Supports  databases  as  well  as  static  and  dynamic  websites 
Highlights  hits  in  all  of  the  above 
APIs  for  .NET,  Java,  C++,  SQL,  etc. 

64-bit  and  32-bit;  Win  and  Linux 

Ask  about  fu/ly-functional  evaluations 

www.dtSearch.com  i-800-it-finds 


.  *  J  . 

''lightning  fast" 

Redmond  Magazine 

'covers  all  data  sources' 

eWeek 

"results  in  less  than  a  second' 

InfoWorld 

hundreds  more  reviews 
and  developer  case  studies 
at  www.dtsearch.com 


dtSearch  products: 

Desktop  with  Spider 
Network  with  Spider 
Publish  (portable  media) 

Web  with  Spider 
Engine  for  Win  &  .NET 
Engine  for  Linux 

Document  filters  also  available 
for  separate  licensing 


Make  the  Most  Out  of  Your  Advertising  Budget. 

Reach  Computerworld’s  Targeted  Audience. 

« 

94%  of  those  surveyed  said  they  take  one  or  more  actions  as  a  result  of  seeing  an  advertisement, 

with  75%  visiting  an  advertiser's  website.* 


The  Marketplace  section  of 


COMPUTERWORLD 


Source:  ‘Harvey  Ad  Measurement  Study, 
Computerworld  May  10, 2010 


Contact  Enku  Gubaie  for  more  details. 
508.766.5487 

egubaie@idgenterprise.com 
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Q&A 

David  Martin 
&  Kathy  Quinn 

The  co-founders  of  business- 
growth  consulting  firm  Growth 
Vault  discuss  how  IT  can  be 
influential  within  a  business. 


Is  IT  seen  as  influential  within  the  enterprise? 

DM:  It  depends  on  the  organization.  If  it’s  a  technology  com¬ 
pany,  then  absolutely.  Otherwise,  IT  historically  has  not  been  as 
influential  as  other  areas  that  are  more  closely  tied  to  revenues, 
like  marketing  and  sales.  However,  given  how  ubiquitous  technol¬ 
ogy  is  today,  a  company  that  is  not  being  influenced  by  IT  is  likely 
to  be  at  a  competitive  disadvantage. 

It  is  almost  impossible  today  to  have  smooth  and  high-quality 
interactions  with  customers,  to  run  a  company’s  internal  operations, 
to  communicate  effectively  within  the  company  or  to  access  impor¬ 


tant  information  to  make  good  business  decisions  unless  technology 
is  advanced.  Technology  is  at  the  core  of  any  company’s  customer 
strategy,  operations  and  execution  strategy,  sales  strategy,  financial 
strategy,  etc.  No  company  can  run  effectively  without  technology 
capabilities  that  lead  or  match  its  core  business  capabilities. 

KQ:  IT  can  build  influence  in  organizations.  We’ve  seen  this  hap¬ 
pen  for  a  couple  of  reasons.  The  first  is  that  IT  leadership  has  done  a 
good  job  linking  the  business  strategy  with  IT.  There’s  a  recognition 
that  successful  execution  of  the  business  strategy  depends  on  fabu¬ 
lous  IT  capabilities  and  execution.  When  that  happens,  IT  isn’t  just  a 
cost  center.  It  can  become  a  strategic  advantage  to  better  execution. 

The  second  instance  is  when  customer  interactions  are  facilitat¬ 
ed  by  technology.  If  purchasing  and  customer  service  interactions 
almost  always  have  an  electronic  option,  IT  shines  in  a  better  light. 

What's  the  best  way  for  IT  leaders  to  become  more  influen¬ 
tial  within  the  business? 

DM:  This  is  simple:  Be  a  business  leader  who  happens  to  be  an 
expert  in  IT,  not  an  IT  expert  who  happens  to  work  in  a  business. 
Focus  on  the  important  business  results  you  can  help  your  com¬ 
pany  produce,  accelerate  and  improve.  Show  how  IT’s  work  accel¬ 
erates  the  execution  of  core  business  strategies. 

KQ:  Technology  leaders  can  get  so  geeked  out  by  how  they  do 
what  they  do  that  other  business  leaders  think  they  don’t  under¬ 
stand  what  matters.  They  make  themselves  outcasts  who  don’t  get 
invited  to  participate  in  the  business-critical  conversations.  Your 
peers  don’t  care  nearly  as  much  as  you  do  about  the  latest  tech¬ 
nology  release  or  the  way  your  team  is  structured. 

Just  how  influential  can  IT  be? 

DM:  Look  at  ING  Direct.  It  was  founded  as  a  direct  bank  -  no 
branches  -  so  technology  was  a  core  part  of  its  business  strategy, 
not  just  a  support  function.  It  used  technology  as  one  of  its  com¬ 
petitive  advantages  to  greatly  differentiate  itself  from  competitors. 
In  fact,  much  of  its  fast  growth  was  a  result  of  attracting  a  technol¬ 
ogy-savvy  clientele  away  from  traditional  banks. 

Other  banks  viewed  technology  as  a  tool  to  help  them  accomplish 
their  core  banking  work  of  accepting,  holding  and  distributing  funds, 
many  times  through  face-to-face  interactions  with  customers.  ING 
Direct  viewed  technology  as  a  source  of  competitive  advantage.  So 
IT  can  be  very  influential  and  really  drive  a  company’s  success. 

-  Jamie  Eckle 


5  Pointers  for  Resumes  That  Resonate 

Some  of  the  latest  trends  in  r6sum£  writing  are  especially  relevant  for  IT  professionals.  Suzana  Simic, 
director  of  career  development  at  the  Computer  Systems  Institute,  offers  these  five  tips. 


1 

Create  a 
video  r£sum6. 

Technology  is 
ever-changing. 
Show  your  next 
employer  that  you 
are  in  the  know. 


2 

Brand  your 

talents.  Link  to  an 
online  portfolio  of 
your  professional 
achievements, 
your  tech-related 
blogs  or  any  posted 
writing  samples. 


f  3 1 

Don't  bury  your 
certifications. 

IT  professionals  who  not 
only  know  technology  but 
also  have  the  certifications 
to  back  that  up  should  make 
sure  prospective  employers 
know  about  them. 


141 

Don’t  come  off  as  a 
techie's  techie.  Employers 
may  seek  your  tech  skills, 
but  they  want  soft  skills  to 
come  along  with  them.  Talk 
about  how  you  have  worked 
collaboratively  and  helped 
achieve  company  goals. 


5 

Showcase  your  achievements. 

A  lot  of  resumes  list  skill  after 
skill  but  don’t  give  a  sense  of 
what  the  individual  has  done 
with  them.  Don’t  be  shy  about 
explaining  how  your  expertise 
in  technology  has  resulted  in 
revenue  gains  or  cost  reductions. 
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IT 


careers 


Interested  candidates  send 
resume  to:  Google  Inc.,  PO  Box 
26184  San  Francisco,  CA  94126 
Attn:  D.  Racherla.  Please  ref¬ 
erence  job  #  below: 

Software  Engineer  (Cambridge, 
MA)  Design,  develop,  modify, 
and/or  test  software  needed  for 
various  Google  projects.  Exp. 
Inch  #1615.6869:  comp  arch;  op 
syst;  algorithms;  multi-threaded 
program;  comp  graphics;  Java; 
Objective-C  or  C++;  &  Python. 


Data  Engineer  Consultants: 
MStaff,  Chicago  IL:  Travel 
required  to  unanticipated  client 
locations  throughout  the  US. 
Think  Big  Analytics,  Inc.  c/o 
recruiting@thinkbiganalytics.com 

Ref:  Job  951 


Interested  candidates  send 
resume  to:  Google  Inc.,  PO  Box 
26184  San  Francisco,  CA  94126 
Attn:  D.  Racherla.  Please  ref¬ 
erence  job  #  below: 

Software  Engineer  (Seattle,  WA); 
Design,  develop,  modify,  and/or 
test  software  needed  for  various 
Google  projects.  Exp.  Inch 
#1615.8714  formulation  & 
analysis  of  sw  requirements;  sw 
arch  &  design;  C  &/or  C++;  OOP; 
data  structures  &  algorithms;  par¬ 
allel  computing  &  scalability;  dis- 
trib  sys;  cloud  computing;  virtuali¬ 
zation  techniques;  unit  testing; 
debug;  &  drafting  of  engineering 
specifications. 


Interested  candidates  send 
resume  to:  Google  Inc.,  PO  Box 
26184  San  Francisco,  CA  94126 
Attn:  D.  Racherla.  Please  ref¬ 
erence  job  #  below: 

Site  Reliability  (New  York,  NY) 
Provide  technical  support  nec¬ 
essary  to  ensure  full  availability 
of  Google  online  services.  Exp. 
Inch  #1615.6318  C,  C++,  &/or 
Java;  Python,  Perl,  Shell,  &/or 
PHP;  UNIX  &/or  Linux;  analysis 
&  troubleshoot  of  large-scale  dis- 
trib  sys;  &  IP  networking,  network 
analysis,  &  handling  of  perf  & 
application  issues  using  std  open 
source  tools  for  analyzing  pack¬ 
ets  &  detecting  sw/hw  failures, 
such  as  tcpdump  &  strace. 


Interested  candidates  send 
resume  to:  Google  Inc.,  PO  Box 
26184  San  Francisco,  CA  94126 
Attn:  D.  Racherla.  Please  ref¬ 
erence  job  #  below: 

Software  Engineer  (Cambridge, 
MA)  Design,  develop,  modify, 
and/or  test  software  needed  for 
various  Google  projects.  Exp. 
Inch  #1615.646  comoilers. 
debuggers  &  cross-compiling 
tool-chains;  reliability,  latency  & 
load-balancing  in  distrib  syst; 
digital  signal  processors;  tech¬ 
niques  for  metraprogram;  reac¬ 
tive  systems  &  asynchronous  I/O; 
agile  sw  dvlpmnt;  framewks  for 
unit-test  &  continuous  integration; 
Ig-scale  distributed  sw  proj;  build 
specialized  dvlpr  tools;  &  serving 
data  to  enterprise-scale  demand. 
Travel  Req’d. 

Interested  candidates  send 
resume  to:  Google  Inc.,  PO  Box 
26184  San  Francisco,  CA  94126 
Attn:  D.  Racherla.  Please  ref¬ 
erence  job  #  below: 

Software  Engineer  (Kirkland, 
WA)  Design,  develop,  modify, 
and/or  test  software  needed  for 
various  Google  projects.  Exp. 
Inch  #1615.3506  Java.  C#.  or 
C++  JaScript;  front-end  dev;  web 
services;  distrib  syst;  OOP;  & 
AJAX,  XML,  HTML,  &  CSS. 
Software  Engineer  in  Test 
(Kirkland,  WA)  Design,  develop, 
modify,  and/or  test  software 
needed  for  various  Google  pro¬ 
automation  dvlpmnt  for 

testing;  Java,  C++,  or  C#;  perf 
test  dev;  &  back-end  and  srvr 
testing.  Trvl  req’d. 

BlackBerry  Corporation,  San 

Diego,  CA,  position  is  avail¬ 
able:  CA7089  -  Radio  Protocol 

Developer 

Mail  resume  specifying  job 

title,  Requisition  #CA7089  and 

academic  transcripts  to 

BlackBerry  Corporation,  P.O. 

Box  141394,  Irving,  TX,  75014- 

1394  U.S.A. 

Openings  at  Suwanee,  GA,  but 

may  relocate  to  unanticipated  cit¬ 
ies  across  the  country  per  con¬ 
tract  demand:  SOA/Integration 

Architect  (#0214SOA): 

Requirements  analysis,  devel¬ 
opment,  testing  and  implemen¬ 
tation.  Senior  QA  Analyst 

(#0214QA):  Develop  &  execute 

software  test  plans.  Fax  resume 

w/CL  referencing  job  code  to 

President,  Veracity  Consulting 

LLC  at  404-464-0797. 

Nisum  Technologies,  has  multiple 
openings  for  the  following  posi¬ 
tions  at  its  office  in  Brea,  CA. 
•Technical  Lead:  Design,  develop 
and  test  software  systems. 

•Sr.  QA  Engineer:  plan  and  con¬ 
duct  analysis,  inspection,  design, 
test  and/or  integration  to  assure 
quality  of  projects. 

•QA  Engineer:  Assist  in  analysis, 
design,  test  and/or  integration  of 
projects. 

•Sr.  Application  Developer: 
design,  develop,  maintain  &  test 
software  applications/systems. 
Analyze  customer  requirements 
&  custom  design  systems  as 
needed. 

•Programmer  Analyst:  Analyze, 
develop  &  write  codes  to  imple¬ 
ment  system  applications. 

Job  requires  min.  of  M.S./foreign 
equiv.  +  exp.,  M.S./foreign  equiv., 
or  B. S./foreign  equiv.  +  exp.. 
Education/Experience  require¬ 
ments  vary  depending  on  posi¬ 
tion  level/type.  Travel/relocation 
required.  Send  resume  and  sal¬ 
ary  history  &  position  applied  for 
to:  Nisum  Technologies,  500  S. 
Kraemer  Blvd.,  Brea,  CA  92821. 
Attn:  H.R,  Manager. _ 


Place  your  Labor  Certification  Ads  Here! 

Let  us  help  you  put  together  a  cost-effective  program  that  will 
make  this  time-consuming  task  a  little  easier. 

Contact  US  at  888.455.4646 


Attention  Law  Firms,  IT  Consultants,  Staffing  Agencies... 

Are  you  frequently  placing  legal  or  immigration  advertisements? 
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SHARK!/'  NK 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 


wasn’t  working.  I  then  suggested  he 
look  at  my  calendar  through  his  own 
email  client  so  I  could  demonstrate 
the  problem,  but  he 
couldn’t  get  his  email 
to  open.  Finally,  l 
asked  what  l  should 
do.  His  suggestion: 
Call  everyone  to 
tell  them  the  new 
start  time.  As 
lb,  in,  call  dozens 
of  people 
L  /  over  the 

phone.  When 
l  described 
the  amount  of 
work  that  would 
entail  as  opposed 
to  simply  moving  the 
start  time  using  my 
calendar  within  email,  he 
just  didn’t  seem  to  understand.” 


X 


: 


£0 


HAL  MAYFORTH 


That's  Not  Helping! 


Company  is  opening  a  new  office  and  this  pilot  fish  gets  the  nod  to  fly  down  in  a  few 
weeks  to  set  up  the  network  and  phones.  “During  the  kickoff  meeting,  the  new  office 
manager  makes  a  point  of  saying  that  the  office  is  not  in  a  good  location,”  says  fish. 
“And  that  they  aren’t  planning  on  bringing  clients  there,  for  security  reasons.  And 
that  the  office  door  will  remain  locked  with  a  security  camera  so  the  receptionist  can 
see  who  she  is  letting  in.  Upon  hearing  this,  l  am  a  little  nervous  about  flying  down, 
but  l  forget  about  it  until  the  time  comes  to  book  flights,  car  and  hotel  reservations.  I 


check  in  again  with  the  office  manag¬ 
er  to  find  out  what  hotel  is  closest  to 
the  office  so  l  can  book  a  room  there. 
On  the  phone,  the  office  manager  tells 
me  he’ll  find  one  where  the  likelihood 
of  getting  mugged  is  the  least!” 

We  Put  the  Work  in 
Workaround 

IT  consultant  pilot  fish  is  managing 
a  big  project  for  a  utility  company, 
and  every  two  weeks  his  team  holds 
a  workshop  to  demo  the  state  of  the 


work.  "There  are  many,  many  at¬ 
tendees,  some  traveling  from  as  far 
as  an  hour  and  a  half  away,  so  it’s  im¬ 
portant  everything  goes  as  smoothly 
as  possible,"  says  fish.  “In  preparing 
for  a  recent  demo,  I  was  having 
problems  with  my  email  client:  it 
wouldn’t  allow  me  to  change  the  start 
time  of  the  meeting.  So  I  called  our 
help  desk.  The  tech  couldn’t  figure 
out  what  the  problem  was.  He  tried 
to  connect  remotely  to  my  laptop  so 
l  could  show  them,  but  his  software 


The  Scenic  Route 

This  hospital  group  has  migrated  to 
a  cloud  network  to  connect  its  sites, 
but  after  a  few  months  it’s  clear  some 
file  transfers  are  taking  more  than 
10  times  longer  than  they  should  be¬ 
tween  sites  in  Wyoming  and  Colorado. 
“I  called  my  counterpart  in  Colorado 
and  he  said,  ‘No  problem  here;  must 
be  your  end,’”  reports  a  pilot  fish 
digging  into  the  problem.  “The  WAN 
manager  said  it  must  be  on  my  end,  as 
his  lines  were  fine.”  Fish  finally  tracks 
the  delay  to  the  link  between  two  spe¬ 
cific  routers  and  sends  his  findings  to 
the  WAN  manager,  who’s  able  to  cor¬ 
rect  the  problem  after  all.  Sighs  fish, 
“Instead  of  routing  directly  from  Wyo¬ 
ming  to  Colorado,  we’d  been  routed 
through  a  maze  in  south  Texas.” 


»  Make  a  direct  link  to  Sharky. 

Send  me  your  true  tale  of  IT  life  at 
sharky@computerworld.com.  You’ll 
get  a  stylish  Shark  shirt  if  l  use  it. 


o 


CHECK  OUT  Sharky’s  blog,  browse  the  Sharkives  and  sign  up  for  home  delivery  at  computenworld.com/sharky. 
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-  OPINION 

JONNY  EVANS 

The  Technology  World's 
Sexism  Needs  to  End 


The  techno¬ 
logy  indus¬ 
try’s  institu¬ 
tionalized 
sexism  helps 
perpetuate 
unacceptable 
behavior. 


Jonny  Evans  is  an 

independent  journalist 
and  blogger.  He  writes 
Computerworld.com's 
AppleHolic  blog  and 
won  an  Azbee  Award 
in  2010. 


HE  TECHNOLOGY  INDUSTRY  IS  SEXIST,  and  it  will  take  years  before 
endemic  discrimination  in  our  workplaces  dissolves. 

In  fact,  it  might  take  decades.  A  2011  Deloitte  report  cites  Catalyst  s 
then-CEO  Ilene  H.  Lang,  who  suggests  that,  when  it  comes  to  the  im¬ 


balance  on  corporate  boards,  “it  could  take  [until 
2075]  for  women  to  reach  parity  with  men”  if 
progress  continues  at  its  current  pace. 

Think  about  what  that  means.  A  21-year-old 
woman  graduating  from  college  this  month 
wouldn’t  see  women  and  men  occupying  an  equal 
number  of  seats  on  corporate  boards  until  she’s  82. 

Lang  was  talking  about  all  industries.  For 
the  tech  industry,  the  situation  is  worse.  A  2013 
Fenwick  &  West  survey  revealed  that  43.3%  of  the 
top  150  Silicon  Valley  companies  had  no  female 
directors,  and  40%  had  just  one.  There’s  a  bit  more 
parity  in  the  economy  as  a  whole:  Of  Standard  & 
Poor’s  top  100  U.S.  companies,  only  2%  have  no 
women  on  their  boards  and  just  13%  have  only  one. 

And  the  problem  isn’t  restricted  to  the  boardroom. 
In  the  2012  U.S.  workforce,  women  held  57%  of  the 
jobs  in  all  professional  occupations,  but  only  26%  of 
the  jobs  in  professional  computing  occupations. 

This  institutionalized  sexism  helps  perpetu¬ 
ate  unacceptable  behavior.  Look  at  the  brouhaha 
around  a  couple  of  hacks  deemed  misogynistic  at 
TechCrunch  Disrupt  last  year.  Those  things  can 
only  happen  when  guys  are  used  to  being  surround¬ 
ed  by  nothing  but  guys.  And  when  they  do  happen, 
they  draw  protest  only  because  tech  isn’t  really  an 
all-male  arena;  it  just  feels  that  way  sometimes. 

Addressing  the  problem  is  complicated.  GoDaddy 
is  working  with  the  Anita  Borg  Institute  to  encour¬ 
age  better  female  representation  in  technology.  And 
about  one-third  of  the  people  on  GoDaddy’s  leader¬ 
ship  team  are  women.  But  don’t  let  the  irony  hit  you 
over  the  head:  This  is  the  same  GoDaddy  whose 


suggestive  ads  often  feature  scantily  clad  “chicks.” 

Legislation  could  help:  Look  at  what  Title  IX 
did  for  women  in  sports.  If  the  Employment  Non- 
Discrimination  Act  became  law,  it  would  prohibit 
companies  with  15  or  more  employees  from  dis¬ 
criminating  on  the  basis  of  sexual  orientation  or 
gender.  It  has  languished  in  Congress  for  years. 

Part  of  the  problem  is  that  even  people  who  see 
fighting  prejudice  on  the  basis  of  race,  gender  or 
sexuality  as  worthy  of  support  tend  to  agree  when 
they  hear  ENDA  opponents  say  there’s  no  real  dis¬ 
crimination  these  days.  They  tell  themselves,  “It’s 
2014;  surely  there  isn’t  a  problem  anymore?” 

It  is  2014.  And  there  is  still  a  problem.  Particu¬ 
larly  in  IT. 

It  would  also  help  if  powerful  people  woke  up  to 
the  problem.  Apple’s  Tim  Cook  recently  added  his 
name  to  the  push  against  prejudice.  “The  House 
should  mark  the  50th  anniversary  of  the  Civil 
Rights  Act  by  passing  ENDA,”  he  wrote  on  Twitter. 

Meanwhile,  many  ambitious  women,  in  a  quest 
for  self-fulfillment,  have  become  entrepreneurs. 
The  number  of  women  starting  small  businesses  in 
the  U.S.  is  growing  at  twice  the  rate  at  which  small 
businesses  as  a  general  category  are  growing,  ac¬ 
cording  to  Deloitte.  What  are  these  talented  female 
minds  doing?  They’re  saving  the  economy  while 
the  menfolk  play  with  Google  Glass. 

Is  the  trend  of  women  turning  to  entrepre¬ 
neurship  our  best  shot  at  finally  eliminating  IT’s 
sexism  problem?  It  doesn’t  have  to  be;  we  all  must 
help  create  an  environment  in  which  women  can 
gain  the  equality  that’s  been  denied  them.  ♦ 
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Designed  to  be  exceptional. 

Introducing  IBM  X6  systems. 

As  decision  makers  push  to  gain  deeper  insights  through  data  and  analytics,  the  demands  on  IT  increase 
exponentially.  These  mission-critical  workloads  need  to  be  delivered  faster,  more  cost-effectively  and 
without  interruption.  As  they  stand,  current  technologies  will  not  be  able  to  keep  up. 

Presenting  IBM®  X6  systems  -  featuring  IBM  eXFIash  DIMM-based  storage  technology,  which  offers  lower 
latency  compared  to  leading  PCI-E  based  flash  storage1,  equipping  your  IT  infrastructure  with  performance 
for  mission-critical  workloads  well  into  the  future.  With  enterprise  resiliency  and  innovative  design,  X6  will  give 
you  the  agility  and  confidence  to  deploy  larger  applications,  including  through  the  cloud.  Powered  by  the 
future  Intel®  Xeon®  processor  E7  product  families,  X6  will  allow  you  to  build  a  completely  flexible  infrastructure 
that  is  responsive  to  the  speed  of  your  business. 

Discover  how  the  fast,  agile  and  resilient  X6  systems  can  help  you  drive  faster  decision  making. 

Visit:  ibm.com/systems/newx6 


inside 

XEON 


'Based  on  preliminary  IBM  testing  of  x3850  X6  with  PCI-E  based  flash  storage  achieving  write  latency  of  15gs  and  DIMM-based  flash  storage  achieving  lOps  write  latency.  These  preliminary  results  - 

are  subject  to  change. 

IBM,  ibm.com  and  their  logos  are  trademarks  of  IBM  Corp..  registered  in  many  jurisdictions  worldwide.  See  current  list  at  ibm.com/trademark.  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are 
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